Wireshark-dev: [Wireshark-dev] Sub-dissector without heuristics

From: David Venz <david.venz@xxxxxxxxx>
Date: Sat, 20 Nov 2010 22:24:12 +1000
Hello all.
 
Currently writing dissectors for a related family of proprietary protocols atop TCP.  They all have similar top-level framing, so I started out writing a plugin dissector for that top level.  But I don't have any way of directly or heuristically detecting the payload type and calling the appropriate sub-dissector.  If there was an extra level of 'decode as' available it might work - is there?  (I suspect not).  Otherwise, am I basically stuck putting the common code in a library and writing a top-level dissector per payload type?

Alternatively, is there a way of going to a TCP message, saying 'decode as' payload type A dissector, and having the payload type A dissector first call/insert a parent dissector between the TCP message and itself?
 
Thanks in advance,
-Dave.