You need to match the name of a dissector table that has been created by your parent protocol. TCP creates one named "tcp.port" and UDP creates a similar one "udp.port", for example. This type of dissector table assumes you will provide a value (such as port#) to be matched when selecting your dissector.
If you have no specific value to be matched, you might read up on how to create and register heuristic dissectors - but you will need the name of a heuristic dissector list already created by your parent protocol, in order to add your dissector to it. On Thu, Aug 27, 2009 at 1:47 PM, Patrick Lannigan <[email protected]>wrote: > The dissector I'm writing is a custom link layer protocol. My issue is that > I'm not sure what I should use in the dissector_add() function. Most of the > dissectors seem to be referencing other protocols like "tcp.port", but that > does not apply in my case. The other thing I've seen is "wtap_encap" with > the value being some defined constant. Can someone help me along in the > right direction? If "wtap_encap" is the correct method, does that mean there > is other files I should be editing in addition to my packet-abc file? > > Patrick > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
