Hello,
I am afraid there is no reasonable way to do it in the current version of Wireshark.
The TCP dissector does not call subdissectors for packets without data.
Maybe I am wrong and somebody else knows the way.
Regards,
Tomas
________________________________
From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Cook, Timothy
Sent: Wed 21.6.2006 17:38
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Disectors & conversations
We have written a new dissector for Wireshark. Using the README.developer (plus other dissector examples) made the creation very simple (thanks for the detailed info).
My dissector hooks TCP port 1000.
How can I hook TCP packets (SYN/FIN/RST/...) and change the Protocol column data to mimic the respective dissector?
I want to be able to filter based on the protocol & get the whole conversation, including the channel open & close.
-Tim