
Wireshark-dev: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dis

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 24 Apr 2009 09:44:03 -0700

On Apr 24, 2009, at 6:53 AM, Armin Zimmermann wrote:

But there is another question: How can I check whether it is a UDP-package or a TCP-package? Is there something like ip.proto==0x06 ?

If you do

	heur_dissector_add("udp", dissect_red_udp, proto_red);
	heur_dissector_add("tcp", dissect_red_tcp, proto_red);

then dissect_red_udp() knows it's been passed the payload of a UDP packet and dissect_red_tcp() knows it's been passed a TCP segment.
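
The registration pattern from the reply above, as an added stand-alone C model that is not part of the original message and is not Wireshark code. The `model_*` helpers, the `red_transport` enum, the return-value convention and the two-byte "RD" magic are assumptions made for illustration; only the `dissect_red_udp`/`dissect_red_tcp` names and the "udp"/"tcp" parent names come from the message.

```c
#include <stddef.h>
#include <string.h>

/* Stand-alone model, not Wireshark code. RED_NONE (0) means "not mine". */
typedef enum { RED_NONE = 0, RED_OVER_UDP, RED_OVER_TCP } red_transport;
typedef red_transport (*heur_fn)(const unsigned char *buf, size_t len);

/* Hypothetical 2-byte magic "RD", constructed for this example. Length is
   checked first so a short payload is rejected instead of read past. */
static int looks_like_red(const unsigned char *buf, size_t len) {
    return len >= 2 && buf[0] == 'R' && buf[1] == 'D';
}

/* Each callback is registered under one parent only, so the transport is
   implied by which function runs; no ip.proto-style test is needed. */
static red_transport dissect_red_udp(const unsigned char *buf, size_t len) {
    return looks_like_red(buf, len) ? RED_OVER_UDP : RED_NONE;
}
static red_transport dissect_red_tcp(const unsigned char *buf, size_t len) {
    return looks_like_red(buf, len) ? RED_OVER_TCP : RED_NONE;
}

/* Hypothetical stand-in for the table behind heur_dissector_add(). */
static struct { const char *parent; heur_fn fn; } heur_table[8];
static size_t heur_count;
static int model_heur_add(const char *parent, heur_fn fn) {
    if (heur_count == sizeof heur_table / sizeof heur_table[0]) return -1;
    heur_table[heur_count].parent = parent;
    heur_table[heur_count++].fn = fn;
    return 0;
}

/* A transport layer offers its payload only to callbacks under its own name. */
static red_transport model_try(const char *parent, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < heur_count; i++) {
        if (strcmp(heur_table[i].parent, parent) != 0) continue;
        red_transport t = heur_table[i].fn(buf, len);
        if (t != RED_NONE) return t;   /* first acceptance wins */
    }
    return RED_NONE;
}
static void register_red(void) {
    heur_count = 0;
    model_heur_add("udp", dissect_red_udp);
    model_heur_add("tcp", dissect_red_tcp);
}

int main(void) {
    register_red();
    return model_try("udp", (const unsigned char *)"RDab", 4) == RED_OVER_UDP ? 0 : 1;
}
```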