Wireshark mailing list archives
Vendor-specific dissectors for 802.11
From: Иван Николов <ivannikolov007 () gmail com>
Date: Sun, 13 Aug 2017 17:10:41 +0300
Hello, I'm working on a way to parse a vendor-specific packets IEEE 802.11 packets, in particular I want to analyze packet captures from ESP8266 (the ESP-NOW protocol). I wrote a proof-of-concept dissector for the protocol and edited the `epan/dissectors/packet-ieee80211.c` file and inserted my dissector manually in the `add_ff_action_vendor_specific` function then recompiled Wireshark from the modified source. While this did work for me, I can't help but feel like this is a problem that could be solved better - right now I have to recompile Wireshark from source on every release. The function I'm referencing has a `switch` statement for the OUI with 2 cases (OUI_MARVELL and OUI_WFA) and a default case, which has a comment "Don't know how to handle this vendor". I'd like to ask whether the community is interested in a patch, including another dissector table for that very purpose - allowing Wireshark users to write dissectors in Lua and to not have to patch C code in order to analyze traffic, containing unknown 802.11 vendor-specific data. I'm interested in implementing this functionality, but I'm unsure if I have the required knowledge of the inner workings of Wireshark. Moreover, I'm not sure if the decision to NOT include such a dissector table is intentional. I'm hoping someone can point me to the 'correct' way to solve the problem of dissectors for vendor specific data, or in case this is not currently possible, this post starts a discussion on the topic of whether this is needed in Wireshark and how to properly implement this at the architecte level. I previously asked a similar question in the ask.wireshark.org portal - https://ask.wireshark.org/questions/56816/ieee-80211-vendor-specific-action . It includes an example capture (relevant part starts at packet No. 587). Best regards, Ivan
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Vendor-specific dissectors for 802.11 Иван Николов (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Michael Mann via Wireshark-dev (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Alexis La Goutte (Aug 14)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)