On Apr 27, 2012, at 9:26 AM, Chad Milam wrote:
> I've written two relatively simple dissectors and gotten them to work under
> some basic conditions. However, the protocols can use random ports (not
> inside of a single conversation, but generally speaking). Also, the
> protocols are not easily identified by any marker inside of the protocol,
> making heuristics not terribly ideal. Both of them are based on UDP.
>
> Is there a way I can get the protocol dissector plugin to show up in the
> decode as menu, and not have them do any real work until it is selected?
In the "register handoffs" routine for your dissector, register it in the
"udp.port" dissector table with
dissector_add_handle("udp.port", {handle for your dissector});
This makes it eligible for "Decode As..." with a UDP port, but doesn't actually
register it with any particular UDP port value.
That's the best choice if the ports are truly randomly chosen, so that, for any
given conversation, there's very little chance that the same ports that the
previous conversation at which you looked will be used.
If there is significantly less randomness, Beth's suggestion might be more
convenient, as a preference will be remembered.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
