On Dec 12, 2006, at 12:34 AM, UsAaR33 wrote:
I implemented the dissect function as per the template of
README.developer and am using new_create_dissector_handle to
register my
dissector. Indeed, the logic appears to be working - the packets
that I
don't recognize as my own (invalid headers) are not dissected by my
dissector. However, for some strange reason they are not being
dissected by the SMB dissector either - rather they are merely left as
"TCP".
Only one dissector can be registered for a particular port number; the
last one registered wins (and one should think of "who wins" as random
- it's actually predictable, but we don't guarantee we won't change
it). Yours is probably getting registered last.
Note also that the NetBIOS Session Service dissector, which is what
normally registers for port 139, is *not* a heuristic or new-style
dissector - it always accepts packets, so, even if multiple dissectors
could be registered for a particular port number, if the NetBIOS
Session Service dissector saw the packet first, no other dissector
would get a chance.
I suspect this is not a rare occurrence (though I couldn't find any
information about it on the web). Would anyone know how to ensure
that
both my own - and the SMB - dissector can run?
Register as a heuristic dissector, reject all packets not for port
139, reject all packets that your dissector doesn't recognize, and set
the "Try heuristic sub-dissectors first" preference for the TCP
dissector to "true".
Either that, or stop using a port that's already assigned to the
NetBIOS Session Service for your protocol.