On Feb 16, 2007, at 3:28 PM, Ravi Kondamuru wrote:

> I am trying to write a dissector for a non-standard rpc protocol.
> Writing a heuristic to automatically identify the protocol is
> getting too complicated. So, I was wondering if I could add a
> dissector that can be used when I select a connection and explicitly
> say Decode As.
>
> Is it possible to do that?

If your protocol runs directly on top of UDP or TCP, yes. (If it runs on top of some other RPC protocol - i.e., if by "rpc protocol" you mean a protocol that is implemented using some RPC mechanism such as ONC RPC or DCE RPC - then, no, you can't, and you *shouldn't*; there's already a mechanism for registering dissectors for ONC RPC-based and DCE RPC-based protocols.)

> If it is, any pointers to notes on how can it be done?

If your protocol runs on top of UDP, so that you'd want to use "Decode As" to indicate that a particular UDP port should be used for your protocol, then call

    dissector_add_handle("udp.port", {the handle for your dissector});

If your protocol runs on top of TCP, so that you'd want to use "Decode As" to indicate that a particular TCP port should be used for your protocol, then call

    dissector_add_handle("tcp.port", {the handle for your dissector});
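
An added example, not part of the original thread: the same "Decode As"-only registration written against Wireshark's Lua dissector API, where add_for_decode_as is the Lua counterpart of the C call named in the reply. The protocol name "myrpc", its field names and the 8-byte header layout are hypothetical, and a Wireshark build with Lua support that provides add_for_decode_as is assumed.

```lua
-- Added example: a dissector that is never chosen automatically and is only
-- offered through "Decode As". "myrpc" and its header layout (4-byte
-- transaction ID, 4-byte payload length) are hypothetical placeholders.
local myrpc = Proto("myrpc", "My RPC Protocol (example)")

local f_xid = ProtoField.uint32("myrpc.xid", "Transaction ID", base.HEX)
local f_len = ProtoField.uint32("myrpc.length", "Payload Length", base.DEC)
myrpc.fields = { f_xid, f_len }

function myrpc.dissector(tvb, pinfo, tree)
    -- A user can point "Decode As" at any port, so the input is untrusted:
    -- refuse buffers too short to hold the assumed header.
    if tvb:len() < 8 then
        return 0
    end

    pinfo.cols.protocol = "MYRPC"
    local subtree = tree:add(myrpc, tvb())
    subtree:add(f_xid, tvb(0, 4))
    subtree:add(f_len, tvb(4, 4))

    -- Flag a declared length that runs past the captured bytes instead of
    -- trusting it for later offsets.
    local declared = tvb(4, 4):uint()
    if declared > tvb:len() - 8 then
        subtree:add_expert_info(PI_MALFORMED, PI_WARN,
            "Declared payload length exceeds captured data")
    end

    -- TCP reassembly of messages spanning several segments is omitted here.
    return tvb:len()
end

-- No port number is bound: the protocol is only added to the "Decode As"
-- choices of the TCP and UDP port tables.
DissectorTable.get("tcp.port"):add_for_decode_as(myrpc)
DissectorTable.get("udp.port"):add_for_decode_as(myrpc)
```

Because no port is registered, traffic is decoded as "myrpc" only after the user selects a conversation and picks the protocol under Decode As.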