Wireshark · Wireshark-dev: [Wireshark-dev] Heuristic Dissector Priority

[Richard Maudsley <richard.maudsley@xxxxxxxxxxxxx>]

My plugin registers a UDP heuristic dissector which handles several protocols multiplexed on the same port. This is working fine, except that one of the built-in Wireshark dissectors is picking up packets before I get a chance to see them and blocks my dissector from running, even though I would be able to return TRUE from the dissector procedure and handle the packet.

 

At first I started looking for some sort of priority setting (a simple integer precedence on the dissector would have made sense), but it doesn’t look like such a thing exists. Then I started looking into more complicated solutions, such as disabling the offending dissector, allowing my dissector to run, and invoking it afterwards as a sub-dissector.

 

Any hints on how to do this properly would be greatly appreciated.

Regards, Richard

 

Richard Maudsley | Junior Systems Developer

Office: +44 (0)207 990 0900 | Fax: +44 (0)203 355 4262

UK Office: First Floor, Vectra House, 36 Paradise Road, Richmond, TW9 1SE

Website: www.powwownow.co.uk

 

 

The information contained in this email and attachments is confidential and is intended for the exclusive use of the individual(s) or organisation(s) specified herein. Unauthorised dissemination, copying of content, misuse or wrongful disclosure of information contained herein is strictly prohibited and may be illegal. Views expressed in this message are those of the individual sender, unless the sender specifically states them to be the views of an organisation/employer. If you have received this email in error, delete it and contact the sender on +44 207 990 0900. Please rely on your own virus check as no responsibility is taken by the sender for damage arising from any virus infection this communication may contain