Isn't it true that myDissector only gets called if the TCP data length >
0? Therefore, since a TCP ACK (data length = 0) will not cause
myDissector to be called.
I'm new to this whole process!
-Tim
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Wednesday, June 21, 2006 11:59 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Disectors & conversations
>
> Hi,
>
> How about
>
> if (check_col(pinfo->cinfo, COL_PROTOCOL))
> {
> col_set_str(pinfo->cinfo, COL_PROTOCOL, "myProtocol" );
> }
>
> Thanx,
> Jaap
>
> On Wed, 21 Jun 2006, Cook, Timothy wrote:
>
> > We have written a new dissector for Wireshark. Using the the
> > README.developer (plus other dissector examples) made the creation
> > very simple (thanks for the detailed info).
> >
> > My dissector hooks TCP port 1000.
> >
> > How can I hook TCP packets (SYN/FIN/RST/...) and change the
> Protocol
> > column data to mimic the respective dissector.
> >
> > I want to be able to filter based on the protocol & get the whole
> > conversation, including the channel open & close.
> >
> >
> > -Tim
> >
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
> ______________________________________________________________
> _______________
> Scanned by IBM Email Security Management Services powered by
> MessageLabs. For more information please visit
> http://www.ers.ibm.com
> ______________________________________________________________
> _______________
>