On Nov 9, 2010, at 11:00 PM, Kristian Martens wrote: Is it possible to set a wireshark dissector for potocol layers atop of an
dissector if wireshark is not able to determine which dissector shall be
used?
Yes. If yes, how can this be achieved?
I developed a propriatary protocol dissector which is working fine. This
protocol transports a standardized protocol also being available in
wireshark.
If your proprietary protocol transports *only* the standardized protocol, then see Anders' response. That requires that the standardized protocol's dissector register itself by name.
If it can transport other protocols, and the proprietary protocol packets carry enough information to determine what protocol is being transported, you might be able to set up a dissector table in your proprietary protocol and modify the dissectors for the other protocols to register in that dissector table, or you might have to have the dissectors for the other protocols register themselves by name, if they don't already do so. I thought I could select this protocol in the "decode as..."
dialog but it is not available there.
"Decode As…" is not a general mechanism, it's a specialized mechanism that knows about a small set of protocols and handoff mechanisms. It might be nice to generalize it (and to have the information in dissector tables come from a configuration file rather than from calls in dissectors), but that hasn't been done at this point. | 