Wireshark mailing list archives
Re: Dissector skipping packets
From: Craig Bumpstead <cbumpste () yahoo com au>
Date: Tue, 4 May 2010 22:45:38 -0700 (PDT)
Steve, I think I have found the problem. Depending upon the packet type, the decode of the bytes following the packet type is different. example: Packet Type 0 Trans type Seq Num Info type Info State Packet Type 2 Trans type Seq Num SPID Message type So the manner in which I was decoding the packet was wrong. I'm not sure how to have different paths for decoding of packets. Any ideas of the protocol that I should look at for this type of decode? Regards Craig ----- Original Message ---- From: Stephen Fisher <steve () stephen-fisher com> To: Developer support list for Wireshark <wireshark-dev () wireshark org> Sent: Wed, 5 May, 2010 2:58:15 PM Subject: Re: [Wireshark-dev] Dissector skipping packets On Tue, May 04, 2010 at 08:28:38PM -0700, Craig Bumpstead wrote:
I have created a dissector for a proprietary dissector and at the moment it doesn't seem to decode packets 3, 6, 9, 12 etc. I have put a breakpoint on dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree), but it doesn't even enter that function on the above listed packets.
Not sure what is intercepting the packet before my dissector.
My first guess was that the packets not being handed to your dissector are TCP segments that are reassembled. However, that would make more sense if it was dissecting packets 3, 6, 9 not everything but those. What protocol(s) does your dissector use? How are you registering it in proto_reg_handoff_<your proto>()? Are packets 3, 6, 9 different in some way? -- Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Dissector skipping packets Craig Bumpstead (May 04)
- Re: Dissector skipping packets Stephen Fisher (May 04)
- Re: Dissector skipping packets Craig Bumpstead (May 04)
- Re: Dissector skipping packets Stephen Fisher (May 08)
- Re: Dissector skipping packets Craig Bumpstead (May 04)
- Re: Dissector skipping packets Stephen Fisher (May 04)