Wireshark-dev: Re: [Wireshark-dev] Can't see my protocol in "Decode As ..." menu
From: "Glenn Shirley" <[email protected]>
Date: Wed, 23 Jan 2008 14:00:54 +1100
Hi Guy,

> On Jan 22, 2008, at 6:36 PM, Glenn Shirley wrote:
> > Hi Anders (et. al.),
> >
> > My protocol is based on an RTP payload type (e.g. 100) so my 
> > dissector_add is as follows:
> 	...
> > As mentioned before this was all working on a windows build 
> but that 
> > was a long time ago so I may have forgotten something.
> Your protocol can't show up correctly in "Decode As..." 
> because "Decode As..." has no provision for RTP; it only 
> handles Ethertypes, IP protocol types, and TCP and UDP port 
> numbers.  It never did have any provision for RTP, so I doubt 
> you were *ever* able to see your protocol in the right place 
> in "Decode As..."; if you'd registered it in the "tcp.port" 
> or "udp.port" table, it'd show up for "Transport", but that 
> would mean that the packet would be *directly* handed to your 
> protocol's dissector, rather than being handed to the RTP 
> dissector with the RTP dissector handing the payload to your 
> dissector.

Yep, very true.

> Given RTP dynamic protocol types, perhaps "Decode As..." 
> should be enhanced to support RTP, and give a list of all 
> protocols for which dissectors have been registered with the 
> "rtp.pt" table?

That would be nice.  The "Decode As" functionality is very limited as is
(but still very handy).  Being able to decode on a range of other fields
would be extremely handy.

See also my last email to the list about things working when I disable all
but the essential protocols so looks like this is some sort of clash issue
with the payload type.


No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.19.9/1238 - Release Date: 22/01/2008
8:12 PM