Wireshark mailing list archives
Re: Dissecting protocol running under UDP
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 12 Oct 2009 13:20:41 -0400
Beth wrote:
> I am working with a plugin dissector that handles a protocol running under IEEE 802.15.4. The source code for this dissector (written by someone else) combines the 802.15.4 dissection with the other protocol. I am attempting to split the existing plugin into a separate plugin for the other protocol, and use it with the Wireshark builtin 802.15.4 dissector instead of the homegrown one.
>
> Here is the hitch I have encountered: The sniffer I was given encapsulates the 802.15.4 packets as UDP payloads. The plugin I'm working on adds itself to the "udp.port" dissector list for the appropriate port#, but the builtin 802.15.4 dissector only adds itself to "ethertype".
>
> Can someone advise me on the best way to proceed from here? I see the following options:
>
> 1. Give up on using the builtin 802.15.4 dissector, just keep using the one I have.
> 2. Modify the builtin dissector so that it adds itself to "udp.port" instead of "ethertype". (Which means I will no longer be able to distribute just the plugins to other users of this protocol; they will need the modified Wireshark build as well.)
> 3. Find a way to modify the builtin dissector so that it works for this sniffer *without* affecting how it works for everyone else, and submit the patch for approval. (Would only do this if it were likely that others might need a similar feature.)

4. Write another dissector that registers for the appropriate "udp.port" and calls find_dissector("wpan") (or "wpan-nofcs" or one of the other names for that dissector) to get a handle to the 802.15.4 dissector. When this dissector is handed packets it can pass the appropriate part of the payload to the built-in 802.15.4 dissector.

For a simple example of that, look at packet-mtp2.c, which dissects MTP2 headers before passing the remaining payload to the MTP3 dissector.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
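
Option 4 from the reply above, written as a Wireshark Lua script: an added example, not code from the thread or from the Wireshark source. The protocol name `wpanudp`, the preference names and the sniffer header length are assumptions; the thread gives neither the UDP port nor the encapsulation layout, so both default to the placeholder 0.

```lua
-- Added example: UDP shim that hands 802.15.4 frames to the built-in dissector.
-- Assumptions (not from the thread): the name "wpanudp", the preference
-- names, and the existence/size of a sniffer header before the frame.
local shim = Proto("wpanudp", "IEEE 802.15.4 over UDP (sniffer encapsulation)")

-- Port and header length are capture-specific; 0 is a placeholder for both.
shim.prefs.port    = Pref.uint("UDP port", 0,
                               "UDP port the sniffer sends to (0 = disabled)")
shim.prefs.hdr_len = Pref.uint("Encapsulation header length", 0,
                               "Bytes the sniffer prepends to each 802.15.4 frame")

local f_hdr = ProtoField.bytes("wpanudp.header", "Sniffer header")
shim.fields = { f_hdr }

-- "wpan" is the built-in dissector name given in the reply above.
local wpan = Dissector.get("wpan")
local registered_port = 0

function shim.dissector(tvb, pinfo, tree)
    local hdr_len = shim.prefs.hdr_len
    -- Reject datagrams too short to hold the header plus at least one
    -- frame byte, so no out-of-range slice is ever requested.
    if wpan == nil or tvb:len() <= hdr_len then
        return 0
    end
    if hdr_len > 0 then
        local subtree = tree:add(shim, tvb(0, hdr_len))
        subtree:add(f_hdr, tvb(0, hdr_len))
    end
    -- Pass only the bytes after the header to the 802.15.4 dissector.
    wpan:call(tvb(hdr_len):tvb(), pinfo, tree)
    return tvb:len()
end

-- (Re)register on "udp.port" whenever the port preference changes.
local function register_port()
    local udp_table = DissectorTable.get("udp.port")
    if registered_port ~= 0 then
        udp_table:remove(registered_port, shim)
    end
    registered_port = shim.prefs.port
    if registered_port ~= 0 then
        udp_table:add(registered_port, shim)
    end
end

function shim.prefs_changed()
    register_port()
end

register_port()
```

Because the shim only registers on "udp.port" and looks the 802.15.4 dissector up by name, the built-in dissector stays unmodified and the script can be distributed on its own.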