Wireshark mailing list archives

Re: Wireshark Dissector

From: Guy Harris <guy () alum mit edu>
Date: Tue, 25 Jun 2013 18:07:58 -0700


On Jun 25, 2013, at 12:31 AM, suraj mukade <surajmukade () gmail com> wrote:

How to call your own dissector based on type field in Ethernet? After getting Type value from Ethernet frame,I want 
to dissect the custom Ethernet frame with some added fields and then proceed the normal dissection.


The answer to your question depends on how your protocol works.

If the data in a packet using your protocol looks something like:

        Ethernet destination
        Ethernet source
        The type field value you've registered with the IEEE for your protocol
        Fields for your protocol, including something to indicate what protocol comes after it
        Those protocols

then you would have your dissector do

         dissector_add_uint("ethertype", {your ethertype value}, {a handle for your dissector});

where {your ethertype value} is the Ethernet type value registered for your protocol and {a handle for your dissector} 
is, well, a handle for your dissector, created with, for example, register_dissector() or new_register_dissector() or 
create_dissector_handle() or new_create_dissector_handle().

Your dissector would then either define a dissector table for the field that indicates what protocol comes after (and 
you'd have to change other dissectors to register in that table) or, if the field is a protocol type field that already 
exists, such as an Ethernet type value, you could just do something such as

        ethertype_dissector_table = find_dissector_table("ethertype");

in your reg_handoff routine and then call dissector_try_uint() with the Ethernet type field's value when it's time to 
dissect the payload.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Wireshark Dissector suraj mukade (Jun 25)
- Re: Wireshark Dissector Guy Harris (Jun 25)
  - Re: Wireshark Dissector suraj mukade (Jun 25)
    - Re: Wireshark Dissector Guy Harris (Jun 25)
    - Re: Wireshark Dissector suraj mukade (Jun 25)