On Nov 24, 2009, at 11:42 AM, Beth wrote:
I am trying to rewrite an existing dissector for a proprietary
protocol that, in fact, is only a slight variation on a standard
protocol that is supported by a builtin Wireshark dissector.
The proprietary frame begins with some special fields, followed by a
normal frame of the standard protocol BUT the checksum at the end of
the normal frame
That sounds a bit like a link-layer protocol; when capturing traffic,
sometimes the link-layer FCS is present and sometimes it isn't, so at
least some link-layer protocol dissectors have variants that might or
might not assume the FCS is there or might check something to
determine whether it's there.
If the dissector you're calling is like that, perhaps you can dissect
the special fields, hand the normal frame to the "no FCS" version of
the dissector, and then dissect (and check) the FCS yourself. If the
dissector you're calling isn't like that, perhaps it should be made
like that.
