Hi,
1. Disable the dissector you, as user, do not want.
2. Make strong heuristic determination of correct protocol and modify dissectors
accordingly.
Note that two protocols running at the same server port is actually a design
fault. Every node in the network can present services which can be accessed
through a set port. Historically the ports 1-1024 are considered "well known
ports", which means that it is very common to have certain services on certain
ports. This was later extended beyond 1024, see the services file which lists
many more services on many more ports. It's a kind of services directory. Still
this doesn't stop multiple services to be provided on the same port on different
nodes. Nothing Wireshark can do about that other than trying to make educated
(automatic/user guided) guesses.
Thanx,
Jaap
Martin Corraine (mcorrain) wrote:
Hello,
Two of my dissectors that I wrote use the same tcp port, the ged125
(being reviewed) and a proprietary protocol). Their default port is both
5000. When I have the default ports the same the ged125 fails to dissect
but the other one still functions. How do I overcome this issue?
Thanks,
martin