Wireshark-users: Re: [Wireshark-users] Wireshark dissectors port preference
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 23 Nov 2009 12:36:54 -0800

On Nov 23, 2009, at 7:48 AM, sean bzd wrote:

I have two custom protocol dissectors. The first dissector (first.dll) dissects tcp traffic on particular port(say 12345) and then it needs to hand off the rest of the data to the second dissector (second.dll). Is there a way to let wireshark know that any traffic from and to 12345 port FIRST needs to be parsed by first.dll and THEN by second.dll??


You have the second dissector register itself by name, with register_dissector(), in its register routine; you have the first dissector find the second dissector by name, in its register-handoff routine, and save as a global variable the dissector handle it gets back; and then, when the first dissector hands off the rest of the data to the second dissector, it does so using call_dissector() with the handle in question.