On Nov 10, 2009, at 11:05 AM, Sach Kmat wrote:
I have a question regarding tcp options in a dissector. I have a
dissector which dissects some specific protocols. I also need to
decode http and other common protocols, but only the TCP options part
of of these messages because i need to display some specific options,
everything else in the common protocols should be displayed a usual. I
tried doing a "decode as" for these common protocols and choosing my
dissector, but my dissect function does not seem to be called.
I was wondering if there is some way to do this.
1. to decode the options part of common protocols or say dissect all
packets and look at their options part.
2. once i decode the options part, get wireshark to do the rest of
decoding as usual.
i really appreciate any help.
As Kary Rogers said the last time you asked:
TCP options are decoded in packet-tcp.c as a part of TCP dissection.
To decode your own TCP options you'll need to extend the TCP
dissector. You might look at MSS decoding as a simple example.
Search for dissect_tcpopt_maxseg in packet-tcp.c.
Perhaps your other e-mail address isn't on the Wireshark list; replies
to messages on the list go, by default, only to the list, so if you're
not subscribed to the list, you wouldn't have seen Kary Rogers'
reply. Hopefully, your GMail address is on the Wireshark list.