fabio matturro wrote:
One more question: My protocol has a user-defined option which allows it
to switch from UDP to TCP (the negotiation is carried on UDP). Should I
still use conversations to keep track of this option?
And:
1) How can I make my dissector pay attention to TCP traffic (actually
UDP packets are still used in the protocol, it's not a switch from UDP
to TCP. TCP is used together with UDP)?
2) What if I start capturing once the negotiation is terminated?
Maybe I'd better write a heuristic similar to that written for UDP
traffic. Then I'd have no need for conversations, I think, but I'm
afraid I'd slow the dissecting process.
If your protocol *always* uses a standard TCP port number, you could
register your dissector for that TCP port number.
Otherwise, if the TCP negotiation specifies the port number to be used
on one side of the conversation, you could create a conversation (if you
know the IP addresses that will be used on both sides) and make the
dissector for your protocol the dissector for that conversation.
Otherwise, you'll probably need a heuristic. Each heuristic can slow
dissection down, but if the heuristics don't do too much, they shouldn't
slow dissection down too much.
If you start capturing once the negotiation is terminated, you'll either
1) need to use a heuristic;
2) need a preference setting to specify the port number to use;
3) need to register the dissector as one that *could* be used with TCP
by calling dissector_add_handle(), and then use the "Decode As" menu to
specify via the UI that a particular port number should be decoded with
your dissector.
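
Added example (not part of the original thread and not Wireshark's own code): a stand-alone C model of the fallback order the reply above describes, where a TCP port learned from the UDP negotiation is tried first and a cheap, bounds-checked heuristic covers captures that start after the negotiation. The "FMP1" header layout and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not from the thread):
 * bytes 0-3 magic "FMP1", byte 4 version (1), bytes 5-6 big-endian payload length. */
#define HDR_LEN 7
#define MAX_CONV 16

enum verdict { NOT_OURS = 0, BY_CONVERSATION, BY_HEURISTIC };

struct conv { uint32_t addr_a, addr_b; uint16_t tcp_port; };
static struct conv conv_table[MAX_CONV];
static size_t conv_count;

/* Called when the UDP negotiation announces the TCP port one side will use. */
int conv_register(uint32_t a, uint32_t b, uint16_t tcp_port)
{
    if (conv_count == MAX_CONV) return -1;  /* table full: heuristic still applies */
    conv_table[conv_count++] = (struct conv){ a, b, tcp_port };
    return 0;
}

static int conv_match(uint32_t src, uint32_t dst, uint16_t sport, uint16_t dport)
{
    for (size_t i = 0; i < conv_count; i++) {
        const struct conv *c = &conv_table[i];
        int same_hosts = (c->addr_a == src && c->addr_b == dst) ||
                         (c->addr_a == dst && c->addr_b == src);
        if (same_hosts && (c->tcp_port == sport || c->tcp_port == dport))
            return 1;
    }
    return 0;
}

/* Cheap heuristic: check the length before any read, reject on the first mismatch. */
static int heur_match(const uint8_t *buf, size_t len)
{
    if (len < HDR_LEN) return 0;
    if (memcmp(buf, "FMP1", 4) != 0 || buf[4] != 1) return 0;
    size_t payload = ((size_t)buf[5] << 8) | buf[6];
    return payload <= len - HDR_LEN;  /* a length that overruns the segment is not ours */
}

/* Negotiated conversation first, heuristic second (e.g. negotiation was not captured). */
enum verdict classify_tcp(uint32_t src, uint32_t dst, uint16_t sport,
                          uint16_t dport, const uint8_t *buf, size_t len)
{
    if (conv_match(src, dst, sport, dport)) return BY_CONVERSATION;
    if (heur_match(buf, len)) return BY_HEURISTIC;
    return NOT_OURS;
}
```

The heuristic costs one length comparison and a few byte comparisons for traffic that is not the protocol, which is the "don't do too much" case from the reply.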