Re: [Wireshark-dev] ask about dissector_add ( ) function to instruct wireshark to pass packet to my dissector

Wed, 22 Jun 2011 10:04:19 -0700 

Thank you, Jaap

John

> Date: Wed, 22 Jun 2011 08:23:23 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [Wireshark-dev] ask about dissector_add ( ) function to instruct 
> wireshark to pass packet to my dissector
> 
> Hi,
> 
> Have a look at packet-rtp.c, which does a similar thing.
> 
> Check for heur_dissector_add( "udp", dissect_rtp_heur, proto_rtp);
> 
> Thanks,
> Jaap
> 
> 
> On 06/22/2011 05:59 AM, cq x wrote:
> > thank you
> > 
> > on top of UDP
> > 
> > yes, it is looking for a special value in the first byte of the packet
> > 
> > Thanks again
> > 
> > 
> > 
> > 
> >  > From: [email protected]
> >  > Date: Tue, 21 Jun 2011 17:56:37 -0700
> >  > To: [email protected]
> >  > Subject: Re: [Wireshark-dev] ask about dissector_add ( ) function to 
> > instruct 
> > wireshark to pass packet to my dissector
> >  >
> >  >
> >  > On Jun 21, 2011, at 4:18 PM, Changqin Xia wrote:
> >  >
> >  > > I am a newbie on dissector development. I have a question about the 
> > "dissector_add( )" function.
> >  > >
> >  > > I went through a few examples, most of them are using "tcp.port" or 
> > "udp.port" or something like that.
> >  > >
> >  > > My dissector not uses any port number to instruct wireshark to pass 
> > packets 
> > to my dissector, my dissector is using "Magic" (the first byte).
> >  >
> >  > What protocol does your dissector's protocol run on top of? TCP, UDP, or 
> > something els e?
> >  >
> >  > And when you say "my dissector is using "Magic" (the first byte)", do 
> > you 
> > mean it's looking for a special magic value in the first byte of its packet 
> > data?
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe
                                          
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

Reply via email to