
Wireshark-dev: Re: [Wireshark-dev] Dissector skipping packets

From: Craig Bumpstead <cbumpste@xxxxxxxxxxxx>
Date: Tue, 4 May 2010 22:45:38 -0700 (PDT)
Steve,

I think I have found the problem.
Depending upon the packet type, the decode of the bytes following the packet type is different.

example: Packet Type 0
Trans type
Seq Num
Info type
Info State

Packet Type 2
Trans type
Seq Num
SPID
Message type


So the manner in which I was decoding the packet was wrong.

I'm not sure how to have different paths for decoding of packets. Any ideas of the protocol that I should look at for this type of decode?

Regards
Craig


----- Original Message ----
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Wed, 5 May, 2010 2:58:15 PM
Subject: Re: [Wireshark-dev] Dissector skipping packets

On Tue, May 04, 2010 at 08:28:38PM -0700, Craig Bumpstead wrote:

> I have created a dissector for a proprietary dissector and at the 
> moment it doesn't seem to decode packets 3, 6, 9, 12 etc.
> 
> I have put a breakpoint on dissect_myproto(tvbuff_t *tvb, packet_info 
> *pinfo, proto_tree *tree), but it doesn't even enter that function on 
> the above listed packets.

> Not sure what is intercepting the packet before my dissector.

My first guess was that the packets not being handed to your dissector 
are TCP segments that are reassembled.  However, that would make more 
sense if it was dissecting packets 3, 6, 9 not everything but those.

What protocol(s) does your dissector use?  How are you registering it in 
proto_reg_handoff_<your proto>()?  Are packets 3, 6, 9 different in some 
way?


-- 
Steve
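
The type-dependent decode described in the reply above can be handled by reading the fields common to every packet and then switching on the packet type, with one bounds-checked branch per layout. The following is an added example, not code from the thread or from Wireshark: the thread names the fields only, so the field widths, byte order, the `myproto_pkt` struct and `myproto_parse()` are assumptions. In a real dissector the same `switch` would sit inside `dissect_myproto()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* ASSUMED layout (the thread gives field names only): packet type (1 byte),
 * trans type (1), seq num (2, big-endian), then two 1-byte type-specific fields. */
enum { PKT_TYPE_0 = 0, PKT_TYPE_2 = 2 };
typedef struct {
    uint8_t  pkt_type, trans_type;
    uint16_t seq_num;
    union {                                   /* which member is valid depends on pkt_type */
        struct { uint8_t info_type, info_state; } t0;
        struct { uint8_t spid, msg_type; } t2;
    } u;
} myproto_pkt;

/* Constructed sample packets, not captured traffic. */
static const uint8_t sample_t0[] = { 0x00, 0x01, 0x00, 0x2A, 0x05, 0x01 };
static const uint8_t sample_t2[] = { 0x02, 0x01, 0x00, 0x2B, 0x07, 0x10 };

/* Returns bytes consumed, 0 if the buffer is truncated, -1 for an unknown type. */
int myproto_parse(const uint8_t *buf, size_t len, myproto_pkt *out)
{
    if (len < 4) return 0;                    /* fields common to every type */
    out->pkt_type   = buf[0];
    out->trans_type = buf[1];
    out->seq_num    = (uint16_t)((buf[2] << 8) | buf[3]);
    switch (out->pkt_type) {                  /* one decode path per packet type */
    case PKT_TYPE_0:
        if (len < 6) return 0;                /* check length before each layout */
        out->u.t0.info_type  = buf[4];
        out->u.t0.info_state = buf[5];
        return 6;
    case PKT_TYPE_2:
        if (len < 6) return 0;
        out->u.t2.spid     = buf[4];
        out->u.t2.msg_type = buf[5];
        return 6;
    default:
        return -1;                            /* do not guess at unknown layouts */
    }
}

int main(void)
{
    myproto_pkt p;
    int n = myproto_parse(sample_t2, sizeof sample_t2, &p);
    printf("consumed=%d type=%u seq=%u spid=%u\n", n, (unsigned)p.pkt_type,
           (unsigned)p.seq_num, (unsigned)p.u.t2.spid);
    return 0;
}
```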