Hi
I don't think there is (if I am wrong, please someone tell me!). I am
currently working on allowing the user to force the selection of the
next dissector using display filters (initially for TCP and UDP), which
I think would do what you want. You would use the display filter
"tcp.port" for all traffic with the TCP port set. I plan to allow the
control of this from the GUI (probably extensions to the "Decode As..."
dialog) and from Lua (if I can work out how to write the API extensions.
It is an interesting exercise...
I should have something ready within the next few weeks, but it will be
a largish patch and I don't know when the core developers would have
time to consider it given the current hectic activity.
Cheers
Doug
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Hal Lander
Sent: 15 January 2007 16:21
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] Define dissector port
Is there a way to get a dissector to run on all ports?
So far I have been explicitly adding it to a specific port e.g.
dissector_add("tcp.port",1234,handle);
TIA
Hal
P.S. Guy thanks for answering an earlier post I did not reply because I
have
been ill, I just use 'foo' as the protocol name because I am
experimenting
with wireshark.
>From: Guy Harris <guy@xxxxxxxxxxxx>
>Reply-To: Developer support list for Wireshark
><wireshark-dev@xxxxxxxxxxxxx>
>To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] Define dissector port
>Date: Sun, 14 Jan 2007 02:12:51 -0800
>
>sharon lin wrote:
>
> > I would like that user of my dissector will define the port on which
the
> > protocol works on from the regular expression field
> >
> > for example myProtocol.port == 1000
>
>I don't see any regular expression there.
>
>The way dissectors that let the user define the port the protocol works
>on is by adding a protocol preference with the port number. See, for
>example, epan/dissectors/packet-actrace.c.
>
>You could specify that from the command line with "-o
>myProtocol.port:1000", or from the GUI in Edit -> Preferences.
>_______________________________________________
>Wireshark-dev mailing list
>Wireshark-dev@xxxxxxxxxxxxx
>http://www.wireshark.org/mailman/listinfo/wireshark-dev
_________________________________________________________________
Find sales, coupons, and free shipping, all in one place! MSN Shopping
Sales & Deals
http://shopping.msn.com/content/shp/?ctid=198,ptnrid=176,ptnrdata=200639
This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately.
Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies within the Detica Group plc group of companies.
Detica Limited is registered in England under No: 1337451.
Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP, England.
