Re: New Dissector only applied to first packet

[Guy Harris <guy () alum mit edu>]

On Nov 2, 2012, at 1:28 PM, Jan Willamowius <jan () willamowius de> wrote:

> It turns out that other packets in between are responsible for the
> dissector not being called for packets that come after them. If I mark
> those to be ignored in the GUI, my dissector is called for all matching
> packets and works fine.
>
> My dissector only handles UDP packets, but strangely the stop-packets
> are all TCP packets and I have verified that my dissector never even
> gets called for them.

A dissector for one protocol can set up future (in the sense of "later in the capture") packets to or from certain 
endpoints to be dissected as a particular protocol.  This is used, for example, for protocols such as SIP, which 
initiate a session and specify "use port XXX" for that session, so that future UDP traffic to or from port XXX should 
be dissected as RTP for that session.

What protocol(s) are in the TCP packets in question?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe