Hi,
Your dissector will be called a couple of times to build
the various parts of the Wireshark GUI. If the user clicks on a packet it will
be called again.
So, it all comes down to carefull coding. I can't look at
your code, but it may be that you keep state between packets in the dissector,
which isn't the way to do it.
Thanx,
Jaap
I'm working on a dissector for a proprietary protocol, and I'm
running into some interesting issues. I'm running on debian 4, with
wireshark 0.99.4 (for some legacy reasons).
First, I'd like to know if
anyone knows why exactly my dissector gets called three times for each single
packet. If I just haven't been able to find it in a manual, I'd appreciate
anyone pointing out the location.
Anyway, due to the triple call,
when I try to call a proto_tree_add_text(), I get some asymmetric results,
sometimes I get one text item, which is what I wanted, other times, I get 2,
which I can't explain.
Any ideas?
Thanks for your
time,
Roger