Wireshark-dev: Re: [Wireshark-dev] Dissector - how to reject packets

From: "Barnes, Pat" <Pat.Barnes@xxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Jul 2008 10:30:23 +1000
The application whose traffic I'm interested uses only Modbus messages
0x03 and 0x17, with register addresses above 1000. Each packet is
similar to an RPC call or response.

The mbtcp dissector claims to intrepret the entire packet, but part of
the relevant data I want to show is claimed by the dissector and not
displayed.


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, 10 July 2008 6:48 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissector - how to reject packets


On Jul 9, 2008, at 6:50 PM, Barnes, Pat wrote:

> The dissector I'm working on overrides the mbtcp dissector, to display

> a particular subset of the protocol in application-specific detail.

"Subset" in what sense?

Does your dissector dissect some packets differently from the way the
mbtcp dissector does, or does it, for example, dissect some fields that
are just shown as uninterpreted bytes by the mbtcp dissector?

And how does it recognize the packets that it needs to dissect?
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev



DISCLAIMER:---------------------------------------------------------------------------
This e-mail transmission and any documents, files and previous e-mail messages
attached to it are private and confidential. They may contain proprietary or copyright
material or information that is subject to legal professional privilege. They are for
the use of the intended recipient only.  Any unauthorised viewing, use, disclosure,
copying, alteration, storage or distribution of, or reliance on, this message is
strictly prohibited. No part may be reproduced, adapted or transmitted without the
written permission of the owner. If you have received this transmission in error, or
are not an authorised recipient, please immediately notify the sender by return email,
delete this message and all copies from your e-mail system, and destroy any printed
copies. Receipt by anyone other than the intended recipient should not be deemed a
waiver of any privilege or protection. Thales Australia does not warrant or represent
that this e-mail or any documents, files and previous e-mail messages attached are
error or virus free.
--------------------------------------------------------------------------------------