Wireshark-dev: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dis

From: "Armin Zimmermann" <Eddie.1@xxxxxx>
Date: Fri, 24 Apr 2009 15:53:34 +0200
> What you should do is have a *heuristic* dissector, which you would  
> register with
> 
> 	heur_dissector_add("udp", dissect_red, proto_red);
> 
> dissect_red() would return a gboolean - FALSE if the packet isn't a  
> packet for your protocol, TRUE if it is.  It would probably look like
> 
> 	static gboolean
> 	dissect_red(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> 	{
> 		if (tvb_reported_length(tvb) != CORRECT_DATA_LENGTH)
> 			return FALSE;
> 
> 		/* dissect the packet here */
> 
> 		return TRUE;
> 	}

Thank you for your answer. The heuristic dissector is exactly what I needed.

But there is another question: How can I check whether it is a UDP packet or a TCP packet? Is there something like ip.proto==0x06?
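
The heuristic pattern quoted above, modelled as a self-contained C example that is added here and is not part of the original thread or of Wireshark's code: the same check is registered under a "udp" and a "tcp" table through separate entry points, so the dissector knows its transport from the table that called it. The types, `RED_LEN`, `RED_MAGIC`, `heur_list` and `try_heuristics` are hypothetical stand-ins, not the epan API, and the payloads are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for Wireshark's buffers and heuristic tables. */
enum transport { VIA_NONE, VIA_UDP, VIA_TCP };
#define RED_LEN 8                                     /* assumed fixed PDU length */
static const uint8_t RED_MAGIC[2] = { 0x52, 0x44 };   /* assumed marker bytes */
static enum transport red_last_via = VIA_NONE;        /* transport of last match */

/* Shared heuristic: validate length before reading; false passes the packet on. */
static bool dissect_red_common(const uint8_t *buf, size_t len, enum transport via)
{
    if (buf == NULL || len != RED_LEN)
        return false;
    if (memcmp(buf, RED_MAGIC, sizeof RED_MAGIC) != 0)
        return false;
    red_last_via = via;          /* a real dissector would build its tree here */
    return true;
}

/* One thin entry point per table, so the transport is never guessed. */
static bool dissect_red_udp(const uint8_t *b, size_t n) { return dissect_red_common(b, n, VIA_UDP); }
static bool dissect_red_tcp(const uint8_t *b, size_t n) { return dissect_red_common(b, n, VIA_TCP); }

struct heur_entry { const char *table; bool (*fn)(const uint8_t *, size_t); };
static const struct heur_entry heur_list[] = {
    { "udp", dissect_red_udp },
    { "tcp", dissect_red_tcp },
};

/* Try every heuristic registered for `table`; true if one claimed the payload. */
static bool try_heuristics(const char *table, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < sizeof heur_list / sizeof heur_list[0]; i++)
        if (strcmp(heur_list[i].table, table) == 0 && heur_list[i].fn(buf, len))
            return true;
    return false;
}

/* Constructed sample payloads. */
static const uint8_t sample_ok[RED_LEN]  = { 0x52, 0x44, 0, 1, 2, 3, 4, 5 };
static const uint8_t sample_bad[RED_LEN] = { 0x00, 0x44, 0, 1, 2, 3, 4, 5 };

int main(void)
{
    return try_heuristics("udp", sample_ok, sizeof sample_ok) ? 0 : 1;
}
```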