The main drawback of this method is that wireshark refreshes the trace
window and this could take a while, depending on the trace size and on
your PC power.
I had the same request than Yvan, because I have a TFTP protocol based
on port 59 (for call) and 50450-50460 ports for the rest of protocol. I
came to the conclusion that I have to rebuild wireshark with changing
the source packet-tftp.c (define UDP_PORT_TFTP from 69 to 59). Then for
the other ports, it seems that the dissector adapts itself
automatically, but I need to confirm it by testing because I am not very
familiar with wireshark API.
Stig Bjørlykke a écrit :
On Tue, Jun 2, 2009 at 9:49 AM, <yvanmmailbox-...@yahoo.fr> wrote:
I need to dissect frames that use tftp protocol but not on the standard
port. Is it possible to modify it without compiling the whole Wireshark or
re-writing a plugin with the same code (I don't want to have a
compiled-specific version of Wireshark)?
You can select the package you want to be dissected as tftp, select
Analyse -> Decode As..., select the correct source/destination port
and select TFTP from the list.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
