Hello, in the Wireshark GUI did you try the "Decode As" functionality ? You get it in the right-clic on a packet (or in Analyze menu). You also can have a look at Analyze -> Enabled protocols.
see : https://www.wireshark.org/docs/wsug_html_chunked/ChUseAnalyzeMenuSection.html Eugene Le mar. 16 avr. 2019 à 23:22, David Ameiss <[email protected]> a écrit : > > I've developed a dissector for a custom protocol used by my company. The > protocol starts out as HTTP, as in an HTTP GET, but after that uses the > "custom" part - not HTTP at all. > > The problem I'm running into is that, once a conversation is identified > by the HTTP dissector as being HTTP (due to the first message, which IS > HTTP), it stays that way. My dissector isn't called. I've added my > dissector as a heuristic dissector for HTTP, but that doesn't seem to > help. And unfortunately (since subsequent packets are not HTTP) I don't > have Content-Type to steer the packets my way. > > Subsequent packets appear as HTTP Continuation, BTW. > > Is there some way to tell HTTP not to treat following packets for that > conversation as HTTP, and to pass them to my dissector? Or a way to call > the HTTP dissector (from my dissector) for the first packet WITHOUT it > being "marked" as HTTP forever and ever? > > -- > David Ameiss > [email protected] > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
