Hi all, I'm new to wireshark dissector development, and am looking for some general tips and pointers to helpful docs or example code for a protocol dissector I'm writing.
The (application-layer) protocol I want to dissect does not describe a single, pre-defined port for communication but has a telltale handshake procedure that can be used to determine the beginning of that protocol's communication. It is my understanding that under these circumstances, I would need to write a heuristic dissector in order to examine all incoming packets for this handshake.

What I want to know is how to verify a multi-message handshake and keep track of the protocol's "connection" once the handshake has been completed. I know that Wireshark can group collected packets into conversations based on criteria, but I'm at a loss for how to go about using conversations in my dissector: how to create conversations, how dissectors sequentially read packets from a conversation while maintaining persistent data about the conversation, etc.

Can someone help me out in this regard?

Thanks in advance,
Qifan Xi

_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
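As an added illustration (not part of the original message, and not code from the Wireshark project), here is one way to do what the question asks in a Lua dissector: a heuristic registered on TCP that only claims a stream after a two-message handshake, keeping per-conversation state keyed by the `tcp.stream` index and per-frame state so re-dissection gives the same result. The protocol name `xhs` and the handshake strings `XHS-HELLO` / `XHS-OK` are placeholders, since the question does not name the protocol.

```lua
-- Added example: heuristic TCP dissector with handshake tracking.
-- "xhs" and the handshake markers below are placeholders, not a real protocol.
local xhs = Proto("xhs", "Example handshake protocol (placeholder)")

local pf_state = ProtoField.string("xhs.state", "Connection state")
local pf_body  = ProtoField.bytes("xhs.body", "Payload")
xhs.fields = { pf_state, pf_body }

local CLIENT_HELLO = "XHS-HELLO"   -- placeholder client handshake message
local SERVER_ACK   = "XHS-OK"      -- placeholder server reply

local tcp_stream = Field.new("tcp.stream")

-- conv_state: per TCP stream ("hello-seen" or "established").
-- frame_state: what each frame was classified as on the first pass, so that
-- later passes (pinfo.visited == true) repeat the same decision.
local conv_state, frame_state = {}, {}

function xhs.init()            -- reset when a new capture is loaded
  conv_state, frame_state = {}, {}
end

local function starts_with(tvb, marker)
  return tvb:len() >= #marker and tvb(0, #marker):string() == marker
end

local function dissect(tvb, pinfo, tree)
  local stream = tcp_stream().value
  local state  = conv_state[stream]
  if not pinfo.visited then
    if state == nil and starts_with(tvb, CLIENT_HELLO) then
      state = "hello-seen"
    elseif state == "hello-seen" and starts_with(tvb, SERVER_ACK) then
      state = "established"
    elseif state ~= "established" then
      return false                -- handshake not seen: decline the packet
    end
    conv_state[stream] = state
    frame_state[pinfo.number] = state
  else
    state = frame_state[pinfo.number]
    if state == nil then return false end
  end
  pinfo.cols.protocol = "XHS"
  local subtree = tree:add(xhs, tvb())
  subtree:add(pf_state, state)
  subtree:add(pf_body, tvb())
  return true
end

xhs:register_heuristic("tcp", dissect)
-- Also set as the Proto's dissector so the same logic runs if Wireshark binds
-- the conversation to this protocol after the heuristic accepts it.
xhs.dissector = function(tvb, pinfo, tree) dissect(tvb, pinfo, tree) end
```

Because the state tables live in the script rather than in Wireshark's conversation API, `xhs.init` must clear them whenever a capture is (re)loaded, which is what the `init` hook above does.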
