Hello,
I recently started developing my first wireshark dissector, and it has
for the most part been a smooth ride.
However, one strange thing has occurred. My dissector runs on tcp port
139, which is often also used by SMB. However, if my dissector is
registered, SMB packets are not dissected - rather they are only
recognized as TCP.
I implemented the dissect function as per the template of
README.developer and am using new_create_dissector_handle to register my
dissector. Indeed, the logic appears to be working - the packets that I
don't recognize as my own (invalid headers) are not dissected by my
dissector. However, for some strange reason they are not being
dissected by the SMB dissector either - rather they are merely left as
"TCP".
I suspect this is not a rare occurrence (though I couldn't find any
information about it on the web). Would anyone know how to ensure that
both my own - and the SMB - dissector can run?
Thanks,
Aaron Staley