Re: custom dissector

[Guy Harris <guy () alum mit edu>]

On Apr 27, 2012, at 9:26 AM, Chad Milam wrote:

> I've written two relatively simple dissectors and gotten them to work under some basic conditions. However, the 
> protocols can use random ports (not inside of a single conversation, but generally speaking).  Also, the protocols 
> are not easily identified by any marker inside of the protocol, making heuristics not terribly ideal.  Both of them 
> are based on UDP.
>
> Is there a way I can get the protocol dissector plugin to show up in the decode as menu, and not have them do any 
> real work until it is selected?

In the "register handoffs" routine for your dissector, register it in the "udp.port" dissector table with

        dissector_add_handle("udp.port", {handle for your dissector});

This makes it eligible for "Decode As..." with a UDP port, but doesn't actually register it with any particular UDP 
port value.

That's the best choice if the ports are truly randomly chosen, so that, for any given conversation, there's very little 
chance that the same ports that the previous conversation at which you looked will be used.

If there is significantly less randomness, Beth's suggestion might be more convenient, as a preference will be 
remembered.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe