Wireshark-dev: Re: [Wireshark-dev] New Dissector only applied to first packet

From: Jan Willamowius <jan@xxxxxxxxxxxxxx>
Date: Fri, 2 Nov 2012 22:25:04 +0100
Guy Harris wrote:
> > My dissector only handles UDP packets, but strangely the stop-packets
> > are all TCP packets and I have verified that my dissector never even
> > gets called for them.
> 
> A dissector for one protocol can set up future (in the sense of "later in the capture") packets to or from certain endpoints to be dissected as a particular protocol.  This is used, for example, for protocols such as SIP, which initiate a session and specify "use port XXX" for that session, so that future UDP traffic to or from port XXX should be dissected as RTP for that session.
> 
> What protocol(s) are in the TCP packets in question?

That's it!

I'm doing a dissector to decode the H.460.19 RTP multiplexing used by
H.323 and the packets I have to ignore contain openLogicalChannel
messages that probably set up rules to decode future packets as RTP.

Is there a way to override these rules for future packets?
Or is the only way to adapt the dissector for H.323 to auto detect when
RTP multiplexing is used?

To start out I was planning to use a manual Decode As instead of the
more difficult auto-detect.

Regards,
Jan
-- 
Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.willamowius.de/
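
The behaviour discussed in this message, as an added example that is not part of the original thread and is not Wireshark source code: a simplified model in which a signalling dissector binds a media endpoint to RTP, so later UDP packets never reach the dissector registered on the port. The lookup order is a modelling assumption, and the dissector name `h46019_mux`, the addresses and the ports are constructed.

```python
# Simplified model of dissector selection; NOT Wireshark source code.
# Protocol names, addresses and ports below are constructed for illustration.

class Engine:
    def __init__(self):
        self.port_table = {}     # (transport, port) -> dissector name
        self.conversations = []  # (setup_frame, transport, endpoint, name)

    def lookup(self, frame, transport, src, dst):
        # Model assumption: a conversation set up at or before this frame
        # is consulted before the per-port table.
        for setup, proto, endpoint, name in reversed(self.conversations):
            if proto == transport and setup <= frame and endpoint in (src, dst):
                return name
        for _, port in (src, dst):
            if (transport, port) in self.port_table:
                return self.port_table[(transport, port)]
        return "data"

def dissect_capture(capture, engine):
    """Return [(frame, dissector name)] for each packet, in order."""
    results = []
    for frame, transport, src, dst, payload in capture:
        name = engine.lookup(frame, transport, src, dst)
        if name == "h245" and payload.startswith("openLogicalChannel "):
            # Signalling names a media endpoint: later UDP traffic to or
            # from it is claimed for RTP, as the quoted reply describes.
            ip, port = payload.split()[1].rsplit(":", 1)
            engine.conversations.append((frame, "udp", (ip, int(port)), "rtp"))
        results.append((frame, name))
    return results

def build_engine():
    engine = Engine()
    engine.port_table[("tcp", 40000)] = "h245"       # constructed port
    engine.port_table[("udp", 6000)] = "h46019_mux"  # hypothetical new dissector
    return engine

# Constructed capture: (frame, transport, src, dst, payload)
CAPTURE = [
    (1, "udp", ("10.0.0.1", 5000), ("10.0.0.2", 6000), "mux"),
    (2, "tcp", ("10.0.0.1", 33000), ("10.0.0.2", 40000),
     "openLogicalChannel 10.0.0.2:6000"),
    (3, "udp", ("10.0.0.1", 5000), ("10.0.0.2", 6000), "mux"),
]

if __name__ == "__main__":
    for frame, name in dissect_capture(CAPTURE, build_engine()):
        print(frame, name)
```

In this model, dropping frame 2 from the capture leaves both UDP packets with the port-registered dissector, which is the symptom described in the thread.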