
Wireshark-dev: Re: [Wireshark-dev] Unable to add my dissector for tcp.dstport

From: Vikas Jain <jain_vikas@xxxxxxxxxxx>
Date: Tue, 15 Jan 2008 05:09:39 +0000
Thanks for your responses. I am going to implement as per your suggestions.

-Vikas


> Date: Fri, 11 Jan 2008 23:57:59 -0800
> From: guy@xxxxxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] Unable to add my dissector for tcp.dstport
>
> Vikas Jain wrote:
>
> > The protocol for which I am implementing my dissector has messages both
> > that are sent by the client to the server port 50505 and by the
> > server (from port 50505) to the client. The messages are different in
> > both the directions and each of these messages has a message_id field as
> > the first field whose value is not globally unique. Therefore, it is
> > possible for me to get a Message_X (message_id = 1) going to port 50505
> > and get a Message_Y (message_id = 1) coming from port 50505. So, in
> > order to dissect/parse the messages correctly, I need the sense of
> > direction.
>
> Then you look at pinfo->destport.
>
> However, you can use the same dissect_foo() routine to dissect *both*
> directions; if the messages have completely different formats, do
>
> static void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
> {
>     if (pinfo->destport == 50505)
>         dissect_foo_request(tvbuf, pinfo, tree);
>     else
>         dissect_foo_response(tvbuf, pinfo, tree);
> }
>
> with separate dissect_foo_request() and dissect_foo_response() routines
> in the same file.
>
> > I added the following to the dissect_foo() function yesterday and I
> > think this is what Abhik is probably referring to as well:
> >
> > void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
> > {
> >     if ( (pinfo->ptype != PT_TCP) || (pinfo->destport != 50505) )
> >         return;
>
> That means that responses won't get dissected at all - and you don't
> need to check for PT_TCP, as long as you only register with "tcp.port" -
> you won't get called for a UDP or SCTP port.

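Added example, not part of the original thread and not Wireshark source: a stand-alone C model of the direction-based dispatch suggested in the quoted reply. The `pkt_ports` struct is a stand-in for the port fields of `packet_info`, and `message_id` is assumed to be a single byte. It goes slightly beyond the quoted code by checking the source port explicitly and by refusing to read from an empty buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FOO_PORT 50505  /* server port named in the thread */

/* Stand-in for the two port fields used here; not Wireshark's packet_info. */
typedef struct { uint32_t srcport, destport; } pkt_ports;
typedef enum { FOO_REQUEST, FOO_RESPONSE, FOO_UNKNOWN, FOO_TRUNCATED } foo_kind;

/* message_id 1 names a different message in each direction (as in the thread). */
static const char *request_name(uint8_t id)  { return id == 1 ? "Message_X" : "other request"; }
static const char *response_name(uint8_t id) { return id == 1 ? "Message_Y" : "other response"; }

/* Classify one message. Direction comes from the ports, never from
 * message_id, and the length is checked before the first byte is read.
 * If both ports equal FOO_PORT the message is treated as a request. */
static foo_kind classify_foo(const pkt_ports *p, const uint8_t *buf, size_t len,
                             const char **name)
{
    *name = "";
    if (len < 1)                      /* assumed 1-byte message_id is missing */
        return FOO_TRUNCATED;
    if (p->destport == FOO_PORT) {    /* client -> server */
        *name = request_name(buf[0]);
        return FOO_REQUEST;
    }
    if (p->srcport == FOO_PORT) {     /* server -> client */
        *name = response_name(buf[0]);
        return FOO_RESPONSE;
    }
    return FOO_UNKNOWN;               /* neither side is the server port */
}

int main(void)
{
    const uint8_t msg[] = { 0x01 };   /* constructed sample: message_id = 1 */
    const pkt_ports to_srv = { 40000, FOO_PORT }, from_srv = { FOO_PORT, 40000 };
    const char *name;

    classify_foo(&to_srv, msg, sizeof msg, &name);
    printf("to server:   %s\n", name);
    classify_foo(&from_srv, msg, sizeof msg, &name);
    printf("from server: %s\n", name);
    return 0;
}
```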
