Hi,
I know understand how everything is working fine!
The tcp in the opposite direction was mainly just ACKs, so with no data,
no further dissectors are called! -- This is just fine.
Sorry to bother you.
Thanks,
Ron
> Hi,
> I want to dissect a tcp protocol that is attached to a specific port, say 1234.
> I went through the example in
> http://ethereal.hostingzero.com/docs/edg_html/#ChapterDissection
> and looked at doc/README.plugins
>
> I've got something working, but only in one direction (see ouput below). I've
> been looking through the "web of info" for the past 2 hours and can't figure
> how to get ethereal to dissect packets with a _destination_ port that matches
> a particular
> port specified in my dissector plugin via:
> dissector_add( "tcp.port", global_foo_port, foo_handle );
>
> I've seen http://www.ethereal.com/faq.html#q11.3
> and tried the "right click" thing and that doesn't work.
>
> I tried searching through all the source for "dissector_" to see of I could
> get a clue as to what I'm doing wrong, but I ... do not have a clue :(
>
> I'm built from ethereal-0.10.14.tgz on a redhat linux distribution.
> Maybe my build is somehow bad --- does anyone have an idea of how to
> check/debug the fundamental the port matching? I can't see where both the
> source and destination ports are checked.
>
> Any ideas. Please help.
> Thanks,
> Ron
>
> /root
> ron :^| tethereal -i lo -c 8 port 1234
> Capturing on lo
> 1 0.000000 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
> 2 0.001285 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
> 3 0.001527 127.0.0.1 -> 127.0.0.1 TCP 49879 > 1234 [ACK] ...
> 4 0.001921 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
> 5 0.002204 127.0.0.1 -> 127.0.0.1 TCP 49879 > 1234 [ACK] ...
> 6 0.002474 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
> 7 0.002738 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
> 8 0.002973 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
>
