Re: Wireshark Dissector

[suraj mukade <surajmukade () gmail com>]

Hi Harris,
Thanks for the precise answer. I understood thing dissector_add_uint();
But I am not clear with dissector table concept.
Let me explain, My Ethernet frame will have some Ethernet type value (for
example "ABCD")which wireshark doesn’t understand.
So if the frame with Ethernet type value="ABCD" comes how wireshark will
know that it has to call my dissector?
What is the way to register that value.

Sorry if I am wrong I am trying to analog it with the call
dissector_add("udp.port", global_foo_port, foo_handle);
where we are requesting Wireshark to call foo_handle on receiving packet on
UDP port global_foo_port.

In short is it not sufficient to do similar call as in case of UDP?




On Wed, Jun 26, 2013 at 6:37 AM, Guy Harris <guy () alum mit edu> wrote:

> On Jun 25, 2013, at 12:31 AM, suraj mukade <surajmukade () gmail com> wrote:
>
> > How to call your own dissector based on type field in Ethernet? After
> getting Type value from Ethernet frame,I want to dissect the custom
> Ethernet frame with some added fields and then proceed the normal
> dissection.
>
> The answer to your question depends on how your protocol works.
>
> If the data in a packet using your protocol looks something like:
>
>         Ethernet destination
>         Ethernet source
>         The type field value you've registered with the IEEE for your
> protocol
>         Fields for your protocol, including something to indicate what
> protocol comes after it
>         Those protocols
>
> then you would have your dissector do
>
>          dissector_add_uint("ethertype", {your ethertype value}, {a handle
> for your dissector});
>
> where {your ethertype value} is the Ethernet type value registered for
> your protocol and {a handle for your dissector} is, well, a handle for your
> dissector, created with, for example, register_dissector() or
> new_register_dissector() or create_dissector_handle() or
> new_create_dissector_handle().
>
> Your dissector would then either define a dissector table for the field
> that indicates what protocol comes after (and you'd have to change other
> dissectors to register in that table) or, if the field is a protocol type
> field that already exists, such as an Ethernet type value, you could just
> do something such as
>
>         ethertype_dissector_table = find_dissector_table("ethertype");
>
> in your reg_handoff routine and then call dissector_try_uint() with the
> Ethernet type field's value when it's time to dissect the payload.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe



-- 
Thank You,



"The only thing in the world we need to fear is fear itself"
Suraj Mukade,
Scientific Officer,
Bhabha Atomic Research Center, Mumbai.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe