Wireshark-dev: Re: [Wireshark-dev] decoding TCP options

From: Kary Rogers <kary.rogers@xxxxxxxxx>
Date: Tue, 10 Nov 2009 10:31:55 -0500
TCP options are decoded in packet-tcp.c as a part of TCP dissection. To decode your own TCP options you'll need to extend the TCP dissector.  You might look at MSS decoding as a simple example.  Search for dissect_tcpopt_maxseg in packet-tcp.c.

-kary

On Tue, Nov 10, 2009 at 3:27 AM, Sacheen Kamath <sacheen@xxxxxxxxx> wrote:
Hi,

I have a question regarding tcp options in a dissector. I have a
dissector which dissects some specific protocols. I also need to
decode http and other common protocols, but only the TCP options part
of of these messages because i need to display some specific options,
everything else in the common protocols should be displayed a usual. I
tried doing a "decode as" for these common protocols and choosing my
dissector, but my dissect function does not seem to be called.

I was wondering if there is some way to do this.
1. to decode the options part of common protocols or say dissect all
packets and look at their options part.
2. once i decode the options part, get wireshark to do the rest of
decoding as usual.

i really appreciate any help.

regards,
sk
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Kary Rogers