Thanks .
But in preferences i don't have "Try to decode RTCP outside of conversations" preference set. Even then it decodes as RTCP rather than FOO.
Is there any way for custom dissector taking precedence over heuristic RTCP dissector??
Thanks
vinayak
On Thu, Sep 10, 2009 at 4:59 PM, Guy Harris
<guy@xxxxxxxxxxxx> wrote:
On Sep 10, 2009, at 4:30 PM, vinayak kamath wrote:
> We have our own custom decoder for a tweaked version of RTCP protocol.
> Heres the code snippet where in we say anything on this udp.port
> send the message to custom decoder.
> ##########################################################
> if(!TWS_PortList("FOO", configFile, (int*)portList, MAXPORTS))
> {
> while (count < MAXPORTS && portList[count]!=0)
> {
> dissector_add("udp.port", portList[count], foo_handle);
> count++;
> }
> }
> ##########################################################
>
> But still wireshark decodes it as RTCP rather than FOO.
if RTCP's "Try to decode RTCP outside of conversations" preference is
set, the heuristic RTCP dissector will try to recognize RTCP packets.
If UDP's "Try heuristic sub-dissectors first" preference is set, the
UDP dissector will try heuristic dissectors before trying non-
heuristic dissectors; that means that if the RTCP dissector recognizes
packets for your tweaked protocol, it will dissect those packets and
your dissector will not be given a chance to dissect them. If that
preference is set, try unsetting it.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
