Wireshark mailing list archives
Re: Wireshark Dissector
From: suraj mukade <surajmukade () gmail com>
Date: Wed, 26 Jun 2013 09:53:52 +0530
Hi Harris,

Thanks for the precise answer. I understood the thing about dissector_add_uint(), but I am not clear on the dissector table concept.

Let me explain. My Ethernet frame will have some Ethernet type value (for example "ABCD") which Wireshark doesn't understand. So if a frame with Ethernet type value "ABCD" comes, how will Wireshark know that it has to call my dissector? What is the way to register that value?

Sorry if I am wrong; I am trying to draw an analogy with the call

    dissector_add("udp.port", global_foo_port, foo_handle);

where we are requesting Wireshark to call foo_handle on receiving a packet on UDP port global_foo_port. In short, is it not sufficient to make a similar call as in the case of UDP?

On Wed, Jun 26, 2013 at 6:37 AM, Guy Harris <guy () alum mit edu> wrote:
> On Jun 25, 2013, at 12:31 AM, suraj mukade <surajmukade () gmail com> wrote:
>
>> How to call your own dissector based on type field in Ethernet? After getting Type value from Ethernet frame, I want to dissect the custom Ethernet frame with some added fields and then proceed with the normal dissection.
>
> The answer to your question depends on how your protocol works.
>
> If the data in a packet using your protocol looks something like:
>
>     Ethernet destination
>     Ethernet source
>     The type field value you've registered with the IEEE for your protocol
>     Fields for your protocol, including something to indicate what protocol comes after it
>     Those protocols
>
> then you would have your dissector do
>
>     dissector_add_uint("ethertype", {your ethertype value}, {a handle for your dissector});
>
> where {your ethertype value} is the Ethernet type value registered for your protocol and {a handle for your dissector} is, well, a handle for your dissector, created with, for example, register_dissector() or new_register_dissector() or create_dissector_handle() or new_create_dissector_handle().
>
> Your dissector would then either define a dissector table for the field that indicates what protocol comes after (and you'd have to change other dissectors to register in that table) or, if the field is a protocol type field that already exists, such as an Ethernet type value, you could just do something such as
>
>     ethertype_dissector_table = find_dissector_table("ethertype");
>
> in your reg_handoff routine and then call dissector_try_uint() with the Ethernet type field's value when it's time to dissect the payload.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
--
Thank You,
"The only thing in the world we need to fear is fear itself"
Suraj Mukade,
Scientific Officer,
Bhabha Atomic Research Center, Mumbai.
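The dissector-table idea discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code: a stand-alone C model in which an Ethernet dissector looks up the type field in a uint-keyed table, and a custom protocol registered under 0xABCD hands its payload back to the same table. Every name here (`table_add`, `table_try`, `dissect_foo`, and so on) and the 4-byte custom header layout are assumptions for illustration; `table_add` and `table_try` only play the roles of `dissector_add_uint()` and `dissector_try_uint()`.

```c
/* Toy model of a uint-keyed dissector table. All names are hypothetical;
 * this is not Wireshark's epan API. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef void (*handler_fn)(const uint8_t *p, size_t len, char *t, size_t cap);
struct entry { uint32_t key; handler_fn fn; };
static struct entry ethertype_table[8];   /* stands in for the "ethertype" table */
static size_t n_entries;
static void note(char *t, size_t cap, const char *s) {   /* bounded append */
    size_t used = strlen(t);
    if (used < cap) snprintf(t + used, cap - used, "%s", s);
}
/* Role of registering a handle under a key in a table. */
static void table_add(uint32_t key, handler_fn fn) {
    if (n_entries < 8) ethertype_table[n_entries++] = (struct entry){ key, fn };
}
/* Role of "try this key": returns 1 if a registered handler was called. */
static int table_try(uint32_t key, const uint8_t *p, size_t len, char *t, size_t cap) {
    for (size_t i = 0; i < n_entries; i++)
        if (ethertype_table[i].key == key) { ethertype_table[i].fn(p, len, t, cap); return 1; }
    return 0;
}
static void dissect_ip(const uint8_t *p, size_t len, char *t, size_t cap) {
    (void)p; (void)len; note(t, cap, ">ip");   /* stub for an existing dissector */
}
/* Custom header (constructed layout): 2 flag bytes, then a 2-byte EtherType. */
static void dissect_foo(const uint8_t *p, size_t len, char *t, size_t cap) {
    if (len < 4) { note(t, cap, ">foo[truncated]"); return; }  /* check before reading */
    note(t, cap, ">foo");
    uint32_t next = (uint32_t)p[2] << 8 | p[3];
    if (!table_try(next, p + 4, len - 4, t, cap)) note(t, cap, ">data");
}
static void dissect_ethernet(const uint8_t *p, size_t len, char *t, size_t cap) {
    t[0] = '\0';
    if (len < 14) { note(t, cap, "eth[truncated]"); return; }
    note(t, cap, "eth");
    uint32_t type = (uint32_t)p[12] << 8 | p[13];
    if (!table_try(type, p + 14, len - 14, t, cap)) note(t, cap, ">data");
}
static void register_all(void) {          /* role of the handoff routines */
    n_entries = 0;
    table_add(0x0800, dissect_ip);
    table_add(0xABCD, dissect_foo);       /* 0xABCD: the example value from the thread */
}
int main(void) {
    const uint8_t frame[] = { 0,0,0,0,0,1, 0,0,0,0,0,2, 0xAB,0xCD, 0,1, 0x08,0x00, 0x45 }; /* constructed */
    char t[64];
    register_all(); dissect_ethernet(frame, sizeof frame, t, sizeof t);
    return puts(t) < 0;
}
```

The trace string records which handlers ran, so an unregistered type falls through to `data` and a frame too short for the custom header is reported as truncated instead of being read past its end.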