Hello,
When dissecting packet, my custom protocol gets overwritten by higher level UDP. I can see my protocol being displayed for few seconds and then gets overwritten by higher level UPD in the Protocol and Info columns.
Any idea what could be causing this?
Thanks in advance.
Is it a higher-level UDP protocol that's overwriting it? I.e., your protocol is carrying (tunneling) UDP?
Or is it the lower-level UDP (i.e., your protocol is over UDP)?
Finally, what version of Wireshark are we talking about here?
Given your description that your protocol is displayed for a few seconds before being overwritten it sounds like (regardless of the answers to the above questions) that your dissector is not setting the columns on the 2nd (and subsequent) dissections of the packets. Check to make sure your col_set*() calls aren't inside a check on/conditional of pinfo->fd->flags.visited or whether tree is set or not.
It is the higher level-UDP protocol which is overwriting my protocol. I am using wireshark 2.6. I can confirm that col_set*() is not inside a condition. The dissector has been implemented using tap so perhaps tap_listener is overwriting it?
Comments