Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] modified INAP dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Günter Strubreiter" <robie.die.katze@xxxxxx>
Date: Fri, 18 Mar 2011 14:20:00 +0100
From: Anders Broman <a.broman@xxxxxxxxxxxx>
Date: Thu, 17 Mar 2011 20:46:14 +0100

"Günter Strubreiter" skrev 2011-03-17 18:12:

    hello experts,

    is it possible to inroduce an modified INAP dissector in parallel to the already existing INAP dissector (for example as plugin).
    then INAP could be dissected as usual and if needed the modified INAP by enabling the new protocol and disabling the original INAP.
    we have to use the same TCAP SSNs (106,241)!
    i expect modifying the existing INAP dissector will work anyway.
    but then only this dissector can be used...
    hope this can be answered.
    thx


What's the reason for having a parallel dissector?
version issues, proprietary add-ons, ...

Perhaps it's possible to combine the dissectors, they could probably co-exists

(with slightly different names ) as ssn should be configurable.
Best regards
Anders

----------------------------------------------------------
hi,

the reason is that we have to write proprietary add-ons.

we have already written an additional dissector based on inap.
i.e. we used the original inap sources and made changes according our needs.
mainly additional optional parameters and extensions.
with wireshark verson 1.3.6 it worked more or less.
switching between inap and our dissector was not always stable but for our needs it worked well.
we tried the same with wireshark version 1.4.0 & 1.4.4 and now we see problems.
some parameters are not dissected as before and at the first look it seems that in every case the inap dissector was called.
that's why im asking if there is a general possibility to use 2 dissectors in parallel.

today i have verified that our dissector is called.
but why this parameters for example 'entensions' is not dissected the right way is strange to me.
i thought it might be a fortune that in worked with wireshark version 1.3.6 and some changes in wirshark leads to a now not working dissector.

does someone know if there was somthing changed in this area?

kr guenter

-- 
GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit 
gratis Handy-Flat! http://portal.gmx.net/de/go/dsl
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube