Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Extending the DHCP dissector

From: "Borz, John (IPG-Roseville R&D)" <john.borz@xxxxxx>
Date: Fri, 25 Sep 2009 23:46:36 +0000

Will look into that option.  It’s definitely worth a try.

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Beth
Sent: Friday, September 25, 2009 4:22 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Extending the DHCP dissector

 

In the Wireshark wiki there is a Lua code example for a chained dissector: 
http://wiki.wireshark.org/Lua/Dissectors

It looks like they simply add the new dissector into the parent protocol's dissector table with the same port as the original, thereby overwriting its entry in the dissector table.  If you made a new bootp dissector as a plugin, could you do the same trick to replace the existing builtin dissector without having to rebuild Wireshark?  You'd have to build the plugin of course, but you wouldn't need a custom wireshark build.