Wireshark mailing list archives
Dissector for a custom protocol which starts as HTTP
From: David Ameiss <netshark () ameissnet com>
Date: Tue, 16 Apr 2019 16:20:46 -0500
I've developed a dissector for a custom protocol used by my company. The protocol starts out as HTTP, as in an HTTP GET, but after that uses the "custom" part - not HTTP at all.
The problem I'm running into is that, once a conversation is identified by the HTTP dissector as being HTTP (due to the first message, which IS HTTP), it stays that way. My dissector isn't called. I've added my dissector as a heuristic dissector for HTTP, but that doesn't seem to help. And unfortunately (since subsequent packets are not HTTP) I don't have Content-Type to steer the packets my way.
Subsequent packets appear as HTTP Continuation, BTW.Is there some way to tell HTTP not to treat following packets for that conversation as HTTP, and to pass them to my dissector? Or a way to call the HTTP dissector (from my dissector) for the first packet WITHOUT it being "marked" as HTTP forever and ever?
-- David Ameiss netshark () ameissnet com ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Dissector for a custom protocol which starts as HTTP David Ameiss (Apr 16)
- Re: Dissector for a custom protocol which starts as HTTP Eugène Adell (Apr 16)
- Re: Dissector for a custom protocol which starts as HTTP Peter Wu (Apr 17)