Wireshark mailing list archives

Re: Dissecting a Protocol with multiple static TCP ports


From: Bill Meier <wmeier () newsguy com>
Date: Mon, 26 Apr 2010 18:37:40 -0400

Craig Bumpstead wrote:
> Hi,
>
> I am trying to write a dissector for a proprietary protocol. This protocol can use 4 static TCP ports.
> Thanks to the Wireshark tutorial I have gotten the dissector to work, but only with one static TCP port.
>
> I have tried:
> dissector_add("tcp.port", 21016, myproto_handle);
> dissector_add("tcp.port", 4435, myproto_handle);
> ....
> .....
>
> without any luck, it just decodes the first 2 packets then will only decode packets with TCP port 21016.



I would have expected that the above would result in your dissector code 
being called for any TCP packet which has either of the ports as a 
source or destination.

I'm not sure what you mean by "it just decodes the first 2 packets ...".

Do you mean that it does decode 2 packets with a tcp port of 4435?

If so, my guess is that there's something in your dissector code which 
is clobbering something somehow.

Also: make sure you have the tcp protocol option "Try Heuristic 
sub-dissectors first" set to off.
[Edit | Preferences | Protocols | TCP]



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

