Wireshark offers a simple but effective option to extend its capabilities, by using Lua dissectors . Just to give an example, recently received a pcap file containing some traffic (it was RTP) encapsulated inside a UDP header. The reason for encapsulation was transporting over a VPN. I'm in such a habit to look into RTP streams on Wireshark, that I have a setting that tells it to try an interpret any UDP packet automatically as carrying RTP ( I wrote how here ). That also failed. So Wireshark was not able to interpret those frames as RTP (or anything else, for what matters), and I remembered time ago writing a custom dissector. Wireshark allows to do that simply in Lua and add it as a plugin. The code is available here . I just had to make it available inside '$HOME/.local/lib/wireshark/plugins/`.