Wireshark · Ethereal-dev: Re: [Ethereal-dev] direct dissect with plugin

Ethereal-dev: Re: [Ethereal-dev] direct dissect with plugin

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 17 Jan 2006 03:47:30 -0800

Lars Dörner wrote:

Is there a possibility to write in a plug-in something that allows ethereal
to use the dissector automatically?

I mean without selecting "decode as" ?

If it's possible to do it when the dissector is built in, it's possibleto do it if the dissector is a plugin.

The Protocol is running on TCP.


You'd either need to

	1) specify some port as the port your protocol uses;

	2) have that port be a configuration option;

3) come up with a heuristic that checks some data in the packet to seeif it's a packet for your protocol;

if you want it to be automatic (and 2) isn't fully automatic - you'dstill need to specify the port if it's not the current setting).

Follow-Ups:
- AW: [Ethereal-dev] direct dissect with plugin
  - From: Lars Dörner

References:
- [Ethereal-dev] direct dissect with plugin
  - From: Lars Dörner