On Sat, Jan 27, 2007 at 01:06:19AM +0800, Bingyao Du wrote: > The protocol I'm dissecting has a "header" portion, that contains a > "type field", and then a payload with different format for each type. > The Header protion contains several fields. > > I thinks it's better to display the packet with two dissectors, just > looks like IP dissector and TCP dissector. What should I do? Or could > you send me an example or demo? Thanks very much.
The best/easiest way to do it is within the same dissector. A dissector you can use as an example is packet-wlccp.c. The only difference is that the version (akin to your type) field is at the beginning of the packet, but that doesn't make a difference in how it's implemented. Line 205 gets the version (type in your case) and line 208 checks if the type is 0x0 and displays fields based on that version. Line 231 checks if the version is instead 0xC1 and displays fields based on that version. Steve _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev