'[Wireshark-dev] Sub-dissector without heuristics'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-dev
Subject:    [Wireshark-dev] Sub-dissector without heuristics
From:       David Venz <david.venz () gmail ! com>
Date:       2010-11-20 12:24:12
Message-ID: AANLkTinJjQfWru5FkpFPpNwAcX0wWt+Xs8wxqQZDDC4x () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello all.

Currently writing dissectors for a related family of proprietary protocols
atop TCP.  They all have similar top-level framing, so I started out writing
a plugin dissector for that top level.  But I don't have any way of directly
or heuristically detecting the payload type and calling the appropriate
sub-dissector.  If there was an extra level of 'decode as' available it
might work - is there?  (I suspect not).  Otherwise, am I basically stuck
putting the common code in a library and writing a top-level dissector per
payload type?

Alternatively, is there a way of going to a TCP message, saying 'decode as'
payload type A dissector, and having the payload type A dissector first
call/insert a parent dissector between the TCP message and itself?

Thanks in advance,
-Dave.

[Attachment #5 (text/html)]

<div>Hello all.</div>
<div>=A0</div>
<div>Currently writing dissectors for a related family of proprietary proto=
cols atop TCP.=A0 They all have similar top-level framing, so I started out=
 writing a plugin dissector for that top level.=A0 But I don&#39;t have any=
 way of directly or heuristically detecting the payload type and calling th=
e appropriate sub-dissector.=A0 If there was an extra level of &#39;decode =
as&#39; available it might work - is there?=A0 (I suspect not).=A0 Otherwis=
e, am I basically stuck putting the common code in a library and writing a =
top-level dissector per payload type?</div>

<div><br>Alternatively, is there a way of going to a TCP message, saying &#=
39;decode as&#39; payload type A dissector, and having the payload type A d=
issector first call/insert a parent dissector between the TCP message and i=
tself?</div>

<div>=A0</div>
<div>Thanks in advance,</div>
<div>-Dave.</div>


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic