Wireshark · Wireshark-dev: Re: [Wireshark-dev] Same protocol dissector in built-in and plugin form coexisting under different n

Wireshark-dev: Re: [Wireshark-dev] Same protocol dissector in built-in and plugin form coexisti

From: Anders Broman <anders.broman@xxxxxxxxxxxx>

Date: Mon, 31 Oct 2011 15:39:05 +0100

Hi,

If possible it's better to try to do that via hooks in the existing dissector.

packet-gtp.c has a dissector table to dissect protocol extension by vendor ID if the protocols extension mechanism is used.

Regards

Anders

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of David Wei HX
Sent: den 31 oktober 2011 08:51
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Same protocol dissector in built-in and plugin form coexisting under different names?

Dear Wireshark community,

Is it possible to have two dissectors for the same protocol, one built-in and one as a plugin, with the plugin having a slightly different name that can dissect additional (perhaps proprietary) information?

For example, without modifying the built-in GTP dissector, can I add a GTP-Ericsson dissector as a plugin and disable the built-in GTP dissector by modifying the disabled_protos file?

I have attempted this but found that I must modify libwireshark.def and recompile in order for the plugin to find certain definitions.

Best regards,

David Wei

References:
- [Wireshark-dev] Same protocol dissector in built-in and plugin form coexisting under different names?
  - From: David Wei HX

Prev by Date: Re: [Wireshark-dev] support for Bluetooth protocol live capture
Next by Date: Re: [Wireshark-dev] Affix bluetooth stack
Previous by thread: [Wireshark-dev] Same protocol dissector in built-in and plugin form coexisting under different names?
Next by thread: [Wireshark-dev] Affix bluetooth stack
Index(es):
- Date
- Thread