Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] dissecting multiple items inside one frame

From: Zoran Bošnjak <Zoran.Bosnjak@xxxxxxxxxxxxxxxxxx>
Date: Tue, 19 Aug 2008 14:50:41 +0200
Dear wireshark developers,
please advice how to dissect multiple pdus inside single udp payload. There are some examples how to reassamble fragmented payload and disselection is then seen on last frame (not sure??). But I couldn't find any example for opposite problem, how to first split payload and then dissect each part independantly as if it was captured alone.

Could this be done inside dissector or prior to dissector?

My protocol inside UDP payload is in the form:
[type(1byte)][len(2bytes)][data(variable)][type][len][data]...[type][len][data]

After dissecting everything, I would like to have a separate line (in a main window) for each pdu ([type][len][data]) so that I could use "Info" column for each subitem and to filter (and display) only individual subitems.

For now I am only able to dissect all PDUs inside the same tree (multiple subtrees in dissect window), but display filtering does not work or is very limited in this case.

Thanks for your help.

Zoran