Wireshark mailing list archives

Heuristic Dissector Priority


From: Richard Maudsley <richard.maudsley () powwownow com>
Date: Mon, 22 Apr 2013 16:11:03 +0000

My plugin registers a UDP heuristic dissector which handles several protocols multiplexed on the same port. This is 
working fine, except that one of the built-in Wireshark dissectors is picking up packets before I get a chance to see 
them and blocks my dissector from running, even though I would be able to return TRUE from the dissector procedure and 
handle the packet.

At first I started looking for some sort of priority setting (a simple integer precedence on the dissector would have 
made sense), but it doesn't look like such a thing exists. Then I started looking into more complicated solutions, such 
as disabling the offending dissector, allowing my dissector to run, and invoking it afterwards as a sub-dissector.

Any hints on how to do this properly would be greatly appreciated.

Regards, Richard

Richard Maudsley | Junior Systems Developer
Office: +44 (0)207 990 0900 | Fax: +44 (0)203 355 4262
UK Office: First Floor, Vectra House, 36 Paradise Road, Richmond, TW9 1SE
Website: www.powwownow.co.uk<http://www.powwownow.co.uk/>

[Description: http://images.powwownow.com/signature-pwn-tt-b2b.png]

The information contained in this email and attachments is confidential and is intended for the exclusive use of the 
individual(s) or organisation(s) specified herein. Unauthorised dissemination, copying of content, misuse or wrongful 
disclosure of information contained herein is strictly prohibited and may be illegal. Views expressed in this message 
are those of the individual sender, unless the sender specifically states them to be the views of an 
organisation/employer. If you have received this email in error, delete it and contact the sender on +44 207 990 0900. 
Please rely on your own virus check as no responsibility is taken by the sender for damage arising from any virus 
infection this communication may contain

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread: