I'm looking at a similar thing at the moment with a view to adding some
UI features allowing a more arbitrary selection of protocol in "decode
as", but anything I do will be a few weeks away.
 
If you're running 0.99.4 and you're happy to look at the code to work
out how the particular dissectors are working, and to write Lua macros,
then you might be able to do something by manipulating the dissector
tables using Lua.
 
Look at 
http://wiki.wireshark.org/Lua 
http://wiki.wireshark.org/Lua/Dissector
 
_If_ you can identify the protocol you want to direct the packets to
(PPP?), _and_ the one that you are directing from (UDP?) you might be
able to set UDP port <x> to dissect as PPP.
 
Failing that, if you can just add the PPP dissector to the underlying
protocol's heuristics table (if it has one), I think it will appear in
the "decode as" list.
 
This is all a bit vague because I have just started looking at this; it
may or may not work, and I don't know if it's the sort of hackery you're
looking for.


________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Fassler
Sent: 08 December 2006 22:58
To: Community support list for Wireshark
Subject: [Wireshark-users] openvpn and packet sniffing


I have tried both suggestions for me to view the RTP/SIP/SDP traffic
contained in the UDP packets travelling through an OpenVPN tunnel.
Neither worked for this reason: The payload of the UDP packets does indeed
contain such traffic as RTP, SIP, etc. as appropriate, but they are all
preceded by a tunneling protocol.  In my case it appears to be PPP.  I
cannot use "Decode as" because in the transport options PPP is not
listed.  This is unfortunate because obviously there are dissectors or
plugins in the Wireshark software that will do the trick but I don't
seem to have them available to dissect the protocol when it is in the
payload instead of the link layer.   I am trying to confirm that the
protocol is indeed PPP.  In the meantime, is there any way to add more
options to the decode as within the transport layer?

Bill




_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users
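
The dissector-table approach suggested in the reply above, sketched as an added example using the current Wireshark Lua API (it is not code from the thread or from the Wireshark project). The port 1194, the `udp_ppp` name, and the assumption that the UDP payload begins at the PPP protocol field (optionally after FF 03) are illustrative and would need checking against the actual capture.

```lua
-- Added example: hand the UDP payload on one port to the built-in PPP dissector.
-- Assumptions: port number, "udp_ppp" name, payload starts at the PPP protocol
-- field (optionally preceded by the HDLC-like address/control bytes FF 03).
local udp_ppp = Proto("udp_ppp", "PPP carried in UDP (example)")
udp_ppp.prefs.port = Pref.uint("UDP port", 1194, "UDP port whose payload is PPP")

local ppp       = Dissector.get("ppp")   -- PPP starting at the protocol field
local data      = Dissector.get("data")  -- fallback: show raw bytes
local udp_table = DissectorTable.get("udp.port")
local current_port = nil

-- A few well-known PPP protocol numbers, used only as a sanity check so that
-- non-PPP payloads are not mis-decoded.
local known = {
    [0x0021] = true, -- IPv4
    [0x0057] = true, -- IPv6
    [0x8021] = true, -- IPCP
    [0xc021] = true, -- LCP
    [0xc023] = true, -- PAP
    [0xc223] = true, -- CHAP
}

function udp_ppp.dissector(tvb, pinfo, tree)
    if tvb:len() < 2 then return 0 end          -- too short, not ours
    local offset = 0
    if tvb(0, 2):uint() == 0xff03 then offset = 2 end
    if tvb:len() < offset + 2 or not known[tvb(offset, 2):uint()] then
        data:call(tvb, pinfo, tree)             -- unknown: leave as raw data
        return tvb:len()
    end
    ppp:call(tvb(offset):tvb(), pinfo, tree)    -- PPP and everything above it
    return tvb:len()
end

-- (Re)register on the configured port; called at load and on preference change.
local function register_port()
    if current_port then udp_table:remove(current_port, udp_ppp) end
    current_port = udp_ppp.prefs.port
    udp_table:add(current_port, udp_ppp)
end

function udp_ppp.prefs_changed() register_port() end
register_port()
```

Saved under a hypothetical name such as `udp_ppp.lua`, it can be loaded with `wireshark -X lua_script:udp_ppp.lua`; because the protocol is registered in the `udp.port` table, it should also be selectable for other UDP ports through "Decode As".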
