I see, Thanks
but here I want to use ip.ttl to instruct wireshark to handoff packet to my
dissector.
In my specific situation, ip.ttl is my only way to distinguish my packets.
Do you have any suggestions?
Thanks again
> From: g...@alum.mit.edu
> Date: Sat, 25 Jun 2011 23:04:43 -0700
> To: wireshark-dev@wireshark.org
> Subject: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
>
>
> On Jun 25, 2011, at 10:26 PM, John x wrote:
>
> > Why cannot I use ip, like: heur_dissector_add("ip", dissect_PROTOABBREV,
> > proto_PROTOABBREV); ?
>
> Because IP has a protocol number field, and protocols running on top of IP
> are supposed to have a protocol number assigned to them, so a dissector for
> the protocol does not *need* to be a heuristic dissector - it just needs to
> register itself with the "ip.proto" protocol table with the protocol number.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
