Re: decoding of protocol layers atop own dissector

[Guy Harris <guy () alum mit edu>]

On Nov 9, 2010, at 11:00 PM, Kristian Martens wrote:

> Is it possible to set a wireshark dissector for potocol layers atop of an 
> dissector if wireshark is not able to determine which dissector shall be 
> used?

Yes.

> If yes, how can this be achieved?
> I developed a propriatary protocol dissector which is working fine. This 
> protocol transports a standardized protocol also being available in 
> wireshark.

If your proprietary protocol transports *only* the standardized protocol, then see Anders' response.  That requires 
that the standardized protocol's dissector register itself by name.

If it can transport other protocols, and the proprietary protocol packets carry enough information to determine what 
protocol is being transported, you might be able to set up a dissector table in your proprietary protocol and modify 
the dissectors for the other protocols to register in that dissector table, or you might have to have the dissectors 
for the other protocols register themselves by name, if they don't already do so.

> I thought I could select this protocol in the "decode as..." 
> dialog but it is not available there.

"Decode As…" is not a general mechanism, it's a specialized mechanism that knows about a small set of protocols and 
handoff mechanisms.  It might be nice to generalize it (and to have the information in dissector tables come from a 
configuration file rather than from calls in dissectors), but that hasn't been done at this point.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe