Hi, I'm writing my first protocol dissector (a plugin). I have the basics up and running. However, this protocol has a couple of unique issues:
1. Although encapsulated in UDP, it doesn't use a well-known port. I'm OK with telling Wireshark to decode using the protocol specifically (right-click on packet and select "Decode As"), and that's working for me at a gross level. Now I want to decode the details...

2. The protocol is asymmetrical. Packets sent by client and server have different formats, only distinguished by whether the sender is client or server. There is a common header that I'll want to share decoding for, but after that the packet structures differ.

Is it possible to write a dissector for such a protocol? Say I select a particular packet and choose "Decode As", and require that the packet chosen be one sent by the server, for instance. Now I know what UDP port and IP address identify the server and ditto for the client. Can I now build separate proto trees depending on which is sending the packet? Is there some other approach someone can recommend?

Thanks for any and all tips!

-Bob