I have a protocol that is built on UDP and that is partly dissected

Question

0

Asked: May 26, 20262026-05-26T20:50:50+00:00 2026-05-26T20:50:50+00:00

I have a protocol that is built on UDP and that is partly dissected

0

I have a protocol that is built on UDP and that is partly dissected by a third party dll in Wireshark. I now want to create a custom dissector to apply to the remaining field “data”.

Is it possible to do so and should I use a dissector, post-dissector or a listener or a combination of them to accomplish this? Or do I have to re-write the third party dissector to one that calls my dissector on the remaining data?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T20:50:50+00:00

As John Zwinck mentioned, you probably do want something like a chained dissector, which you can manage fairly straightforwardly in either Lua or C. To that end, you certainly do want to implement your logic as a dissector. In Lua, something like this:

do
    --TODO set up your extra "data" field
    local tcp_table = DissectorTable.get("tcp.port")
    local third_party_dissector tcp_table:get_dissector(PROTO_PORT)

    function your_protocol.dissector(tvb, pinfo, tree)
         --call the third party dissector
         third_party_dissector:call(tvb, pinfo, tree)
         --TODO do what you need with the data
    end

    --take over the port your protocol runs over
    tcp_table_add(PROTO_PORT, your_protocol)
end

Keep the API on hand, but keep in mind also that Lua dissectors in Wireshark are really just for prototyping; they are less efficient than equivalent C-based dissectors, and the API tends to lag several versions behind the C dissection API.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a protocol that is built on UDP and that is partly dissected

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply