Wireshark mailing list archives
Re: Dissecting a portion of a protocol owned by another dissector
From: "Jeremy O'Brien" <obrien654j () gmail com>
Date: Tue, 23 Feb 2010 16:01:52 -0500
I actually figured out a solution to my problem. I was fortunate in wanting to dissect a field in an HTTP payload. I completely looked over the fact that HTTP has all of its fields neatly laid out with strings, so I'm just intercepting the http dissector, doing a couple strstr()'s on it, and giving it back to the http dissector if I'm not interested in it.

On Tue, Feb 23, 2010 at 15:47, Maynard, Chris <Christopher.Maynard () gtech com> wrote:
Which field of which dissector are you interested in? If you're lucky, it might already be available to your plugin in the packet_info struct.

- Chris

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jeremy O'Brien
Sent: Tuesday, February 23, 2010 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissecting a portion of a protocol owned by another dissector

Hmm... I was trying to avoid touching any existing dissectors to allow my plugin to be as modular as possible. There's no other (easy) way?

On Tue, Feb 23, 2010 at 14:11, Anders Broman <a.broman () telia com> wrote:

Hi,

Not easily, but if you are doing something reasonably like dissecting vendor specific fields a patch to the existing dissector providing a "hook" for a plugin would be acceptable, like registering a dissector table a custom plugin could register in.

Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jeremy O'Brien
Sent: 23 February 2010 19:02
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Dissecting a portion of a protocol owned by another dissector

Hello,

I am trying to write a wireshark plugin that dissects only a certain field of another dissector. I read about writing tap dissectors, but these seem to still receive entire packets rather than just the portion I'm interested in. I am trying to avoid copying large chunks of the main dissector just to get down to the area my dissector is interested in. Does wireshark provide a way to do this?
Thank you,
Jeremy

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
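Added example, not part of the original thread and not Wireshark code: strstr() needs a NUL-terminated string, which captured packet bytes are not guaranteed to be, and it will also match inside the message body. The sketch below does a length-bounded, case-insensitive lookup that stops at the end of the header block; `http_header_value`, the `X-Device-Id` header and `SAMPLE` are hypothetical names and constructed data.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: header block, blank line, then a body holding a decoy. */
static const char SAMPLE[] =
    "GET /status HTTP/1.1\r\nHost: example.test\r\n"
    "x-device-id: ab12\r\n\r\nX-Token: decoy";

static int ci_equal(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: find header `name` in buf[0..len) and return a pointer
 * to its value (length in *vlen), or NULL. Never reads at or past buf + len. */
static const char *http_header_value(const char *buf, size_t len,
                                     const char *name, size_t *vlen)
{
    size_t nlen = strlen(name), pos = 0;
    while (pos < len) {
        /* Step over the current line (the request line on the first pass). */
        const char *eol = memchr(buf + pos, '\n', len - pos);
        if (eol == NULL) return NULL;    /* headers cut off by the capture */
        pos = (size_t)(eol - buf) + 1;
        if (pos >= len || buf[pos] == '\r' || buf[pos] == '\n')
            return NULL;                 /* blank line: body is not searched */
        if (len - pos > nlen && buf[pos + nlen] == ':' &&
            ci_equal(buf + pos, name, nlen)) {
            size_t v = pos + nlen + 1, e;
            while (v < len && (buf[v] == ' ' || buf[v] == '\t'))
                v++;                     /* skip optional whitespace */
            for (e = v; e < len && buf[e] != '\r' && buf[e] != '\n'; e++) {}
            *vlen = e - v;               /* value ends at EOL or end of data */
            return buf + v;
        }
    }
    return NULL;
}

int main(void)
{
    size_t n = 0;
    const char *v = http_header_value(SAMPLE, sizeof SAMPLE - 1, "X-Device-Id", &n);
    return v != NULL && printf("%.*s\n", (int)n, v) > 0 ? 0 : 1;
}
```

In a dissector the buffer and length would come from the tvbuff handed to the plugin rather than from a string literal.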
Current thread:
- Dissecting a portion of a protocol owned by another dissector Jeremy O'Brien (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector Anders Broman (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector Jeremy O'Brien (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector Maynard, Chris (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector Jeremy O'Brien (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector didier (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector Jeremy O'Brien (Feb 23)
- Re: Dissecting a portion of a protocol owned by another dissector Anders Broman (Feb 23)