Hi all,
I first tried the users mailing list to see if I could avoid touching
code (I'm not a programmer!), but I got no response:
http://seclists.org/wireshark/2010/May/112
THE SCENARIO: Wireshark receives wpan (802.15.4) frames from an Exegin
Q51 probe. These frames are wrapped in ZEP UDP datagrams
THE PROBLEM: IP --> UDP --> ZEP and 802.15.4 headers are decoded
properly, but the 802.15.4 payload is always decoded as ZigBee even
though there is no zigbee at all
I tried looking into packet-ieee802154.c, packet-zbee-nwk.c,
packet-6lowpan.c, etc. and I suspect that the key is
heur_dissector_add(), used to register "post-wpan" dissectors. Where
is this function?
In order to avoid this behavior,
Would be enough to simply call
call_dissector(data_handle, payload_tvb, pinfo, tree);
when trying to dissect the 802.15.4 payload, be enough?
Thanks!