> On Thu, Sep 10, 2009 at 4:59 PM, Guy Harris <
guy@xxxxxxxxxxxx> wrote:
>
>> On Sep 10, 2009, at 4:30 PM, vinayak kamath wrote:
>>
>>> We have our own custom decoder for a tweaked version of RTCP protocol.
>>> Heres the code snippet where in we say anything on this udp.port
>>> send the message to custom decoder.
>>> ##########################################################
>>> if(!TWS_PortList("FOO", configFile, (int*)portList, MAXPORTS))
>>> {
>>> while (count < MAXPORTS && portList[count]!=0)
>>> {
>>> dissector_add("udp.port", portList[count], foo_handle);
>>> count++;
>>> }
>>> }
>>> ##########################################################
>>>
>>> But still wireshark decodes it as RTCP rather than FOO.
>> The dissector to which foo_handle refers is a non-heuristic dissector;
>> if RTCP's "Try to decode RTCP outside of conversations" preference is
>> set, the heuristic RTCP dissector will try to recognize RTCP packets.
>>
>> If UDP's "Try heuristic sub-dissectors first" preference is set, the
>> UDP dissector will try heuristic dissectors before trying non-
>> heuristic dissectors; that means that if the RTCP dissector recognizes
>> packets for your tweaked protocol, it will dissect those packets and
>> your dissector will not be given a chance to dissect them. If that
>> preference is set, try unsetting it.
