THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 1
BMWE's avatar
1
BMWE
asked 2019-06-11 06:28:28 +0000

distinguish dissectors using same udp port

Hello all,

I have 2 dissectors using same udp port (7555).

How can I register and distinguish between those two simultaneously in wireshark? For one of them I knows that it udp length is for sure greater than of the other one. Each one of them has specific IP convention (i.e 1st one is 1.1.1XX.11, 2nd is 2.2XX.22.2)

Currently my association of the protocols to the udp is as follows

local p_multi = Proto("multi", "MultiProto");    
....
....
local wtap_encap_table = DissectorTable.get("wtap_encap")
local udp_encap_table = DissectorTable.get("udp.port")

wtap_encap_table:add(wtap.USER15, p_multi)
wtap_encap_table:add(wtap.USER12, p_multi)
udp_encap_table:add(7555, p_multi)