Wireshark-dev: [Wireshark-dev] display filtering + how to analyze some TCP packets

From: Teto <mattator@xxxxxxxxx>
Date: Tue, 25 Oct 2011 17:26:32 +0200
Hi,

1st question:
It took me some time but thanks to README.developer I think I
understand how display filtering works now. I was wondering if it was
possible to update an item's header field id after its creation. For
example:
proto_item* pi = proto_tree_add_text(subtree,tvb,offset,4,"Type: %u",type);
set_item_header_field(&hf_my_field_id);   /* for example. Does any equivalent function exist? */


And my 2nd question would be:
There is some TCP traffic going on random ports concerning the
protocol I analyze. How can I assign this traffic to my dissector? It
needs to analyze the first bytes to know if it matches my protocol.
I solved the problem for UDP (it's a predefined port):
dissector_add_uint("udp.port", ENERGYWISE_UDP_DPORT, energywise_udp_handle);
but I dunno for TCP.

Once I've recognized the first packet, I read that I had to start a
conversation.

Regards
Matt

NB: At first I wanted to dissociate both topics but I didn't want to
spam your inboxes.