On Sep 10, 2009, at 4:30 PM, vinayak kamath wrote:
We have our own custom decoder for a tweaked version of RTCP protocol.
Heres the code snippet where in we say anything on this udp.port
send the message to custom decoder.
##########################################################
if(!TWS_PortList("FOO", configFile, (int*)portList, MAXPORTS))
{
while (count < MAXPORTS && portList[count]!=0)
{
dissector_add("udp.port", portList[count], foo_handle);
count++;
}
}
##########################################################
But still wireshark decodes it as RTCP rather than FOO.
The dissector to which foo_handle refers is a non-heuristic dissector;
if RTCP's "Try to decode RTCP outside of conversations" preference is
set, the heuristic RTCP dissector will try to recognize RTCP packets.
If UDP's "Try heuristic sub-dissectors first" preference is set, the
UDP dissector will try heuristic dissectors before trying non-
heuristic dissectors; that means that if the RTCP dissector recognizes
packets for your tweaked protocol, it will dissect those packets and
your dissector will not be given a chance to dissect them. If that
preference is set, try unsetting it.