Hi, Have a look at packet-rtp.c, which does a similar thing.
Check for heur_dissector_add( "udp", dissect_rtp_heur, proto_rtp); Thanks, Jaap On 06/22/2011 05:59 AM, cq x wrote: > thank you > > on top of UDP > > yes, it is looking for a special value in the first byte of the packet > > Thanks again > > > > > > From: [email protected] > > Date: Tue, 21 Jun 2011 17:56:37 -0700 > > To: [email protected] > > Subject: Re: [Wireshark-dev] ask about dissector_add ( ) function to > instruct > wireshark to pass packet to my dissector > > > > > > On Jun 21, 2011, at 4:18 PM, Changqin Xia wrote: > > > > > I am a newbie on dissector development. I have a question about the > "dissector_add( )" function. > > > > > > I went through a few examples, most of them are using "tcp.port" or > "udp.port" or something like that. > > > > > > My dissector not uses any port number to instruct wireshark to pass > packets > to my dissector, my dissector is using "Magic" (the first byte). > > > > What protocol does your dissector's protocol run on top of? TCP, UDP, or > something els e? > > > > And when you say "my dissector is using "Magic" (the first byte)", do you > mean it's looking for a special magic value in the first byte of its packet > data? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
