Wireshark-dev: Re: [Wireshark-dev] Howto unregister a dissector?
From: Stephen Fisher <[email protected]>
Date: Tue, 12 Jun 2007 22:50:23 -0700
On Mon, Jun 11, 2007 at 01:31:21PM +0200, Martin Peylo wrote:

> I'm searching for a way to unregister a dissector.

I don't think there is a way.  See below.

> My problem is that we need a specially hacked version of a protocol 
> dissector which is already built into Wireshark (lives in 
> libwireshark.so). In order not to distribute a hacked version of 
> Wireshark (for Linux, Solaris and Windows) to everybody -- each time 
> we have to change it -- it would be nice to be able to overwrite the 
> inbuilt dissector with a plugin.

Any chance of contributing your changes to the Wireshark code base for 
all to enjoy? :-)

> If I just call register_dissector(), Wireshark complains that there is 
> already a dissector registered with that name and does not start. Is 
> there any way to circumvent this? I didn't manage to find one so far.

How about registering your dissector with a slightly different name, but 
the same port?  Then going into Wireshark and disabling the built-in 
dissector through the Analyasis -> Enabled protocols menu?