Wireshark-dev: [Wireshark-dev] Question concerning some specific protocol...

From: "Tobias Erichsen" <erichsen@xxxxxxxxxxxxx>
Date: Sat, 30 Sep 2006 15:37:30 +0200
Hi everyone,

I have used Ethereal/Wireshark for some time now, and I would like to
contribute by developing a protocol-plugin for a combination of a
proprietary and an open protocol based on RTP...

Both protocols run on the sample UDP port-pair tuple. The proprietary
protocol can be detected very easy, as it has an easy to distinguish
signature.  The RTP-based part is not, as RTP has really no good
recognition value.

So how would I design such a dissector, that if I detect the easy-to-
recognize proprietary protocol on a UDP-port-tuple, that I could then
heuristically see that the other datagrams will be the RTP-based ones
and hand their decoding appropriate (writing again my own dissector
for this specific RTP payload type)

Best regards,
Tobias

PS.: I will be developing & testing the stuff on Windows-platform,
cause that's what I'm most familiar with ;-)