Wireshark mailing list archives

Re: Duplicating TCP dissector


From: Guy Harris <guy () alum mit edu>
Date: Thu, 30 Jun 2011 11:01:26 -0700


On Jun 29, 2011, at 3:52 PM, Randy Buck wrote:

I am building many new versions of TCP in user space.  All packet headers are the same (IP, then TCP).  The packets will be sent/received over raw sockets.  So I can filter out my TCP versions with actual kernel TCP I am using other protocol numbers besides 6.  I wish to view these traces in wireshark to ensure that the implementations are correct.  I am logging all packets to a pcap file and am able to view them fine in wireshark.  The issue at hand is that wireshark will only recognize TCP packets if the protocol number in the IP field is 6.  I wish to view these packets as a TCP trace in wireshark.  As far as I see it, I have a couple of options:

3. In your version of Wireshark, have packet-tcp.c register itself in the "ip.proto" table, in proto_reg_handoff_tcp(), 
with IP_PROTO_TCP (6) *and* with your protocol numbers as well.
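The registration described in the reply above can also be tried without rebuilding Wireshark, by adding entries to the same "ip.proto" table from a Lua script. This is an added example, not code from the thread or from packet-tcp.c; the protocol numbers 253 and 254 are assumptions (the values IANA reserves for experimentation), standing in for whatever numbers the user-space TCP variants actually use.

```lua
-- Added example: register Wireshark's built-in TCP dissector under extra
-- IP protocol numbers, in addition to its normal registration under 6.
-- Assumption: 253 and 254 are placeholders for the protocol numbers the
-- user-space TCP implementations put in the IP header.
local extra_protos = { 253, 254 }

-- The table the IP dissector consults to pick the next dissector,
-- keyed by the IP header's protocol field.
local ip_proto_table = DissectorTable.get("ip.proto")

-- Handle for the existing TCP dissector (the one packet-tcp.c registers).
local tcp_dissector = Dissector.get("tcp")

for _, proto in ipairs(extra_protos) do
    -- Same effect as an extra registration call in proto_reg_handoff_tcp():
    -- packets with this protocol number are handed to the TCP dissector.
    ip_proto_table:add(proto, tcp_dissector)
end
```

Load it with `wireshark -X lua_script:extra_tcp_protos.lua` (the file name is arbitrary), then open the pcap; the packets should then dissect as TCP and match the `tcp` display filter.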

