Thanks Harris It worked fine. I have another design query related to Heuristic dissectors. Well actually for TCP traffic already Ports are defined so I can let only those data packets to be dissected for whom tvb->srcport and destport is one of the Already defined ports. This way if though my dissector is heuristic, it is able to discard junk packets which are not suited for my purpose.
But for UDP there are no ports pre-defined and ports are basically decided on the fly. So it happens that flood of packets comes to my dissector and it is not able to decide whether it is one of the packets belonging to my_protocol. So if there any way out under this situation of registering my dissector Heuristically with TCP and UDP , I can identify the packets belonging to My_protocol especially for UDP case. So that it doesnt happen that any junk UDP packets gets dissected just because it fulfilled initial conditions. Any suggestion and help will be highly appreciated. Looking forward to hear on this. Thanks and Regards Hemant Kumar -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris Sent: Wednesday, July 23, 2008 12:05 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Dissector Registration Query On Jul 23, 2008, at 11:42 AM, Kumar, Hemant wrote: > register_dissector("myprotocol", dissect_myprotocol_tcp, > proto_myprotocol); > register_dissector("myprotocol", dissect_myprotocol_udp, > proto_myprotocol); ... > Can you please suggest where I am going wrong? Is it to do with > multiple registrations with the same name? Yes. Heuristic dissectors are different from the dissectors you register with register_dissector(), so just get rid of those register_dissector() calls. _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
