Thank you
Yes it is that TTL changes in-flight. But my packets are captured on a specific link, there are only 2 or 3 kinds of packets. The way to distinguish them is only the TTL value.
So here if IP.ttl doesnot work, how to instruct wireshark to handoff the 3 different kinds of packets to my 3 different dissectors?
Thanks
> From: guy@xxxxxxxxxxxx
> Date: Sun, 26 Jun 2011 11:58:17 -0700
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
>
>
> On Jun 25, 2011, at 11:45 PM, John x wrote:
>
> > but here I want to use ip.ttl to instruct wireshark to handoff packet to my dissector.
>
> Why? The TTL value changes in-flight, so it cannot be meaningfully used to distinguish what protocol is being carried in an IP packet.
>
> > In my specific situation, ip.ttl is my only way to distinguish my packets.
>
> What is your specific situation? What is it you're trying to do?
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
