Wireshark mailing list archives
Re: compiling dissector plugin
From: Christopher Maynard <Chris.Maynard () gtech com>
Date: Mon, 8 Nov 2010 18:25:25 +0000 (UTC)
Lange Jan-Erik <Jan-Erik.Lange@...> writes:
Ok, before I go further I have to clarify some things. I want to implement a
protocol, that is not Ethernet
compliant. As I see it, you can tell wireshark to use a certain dissector for
a certain protocoll and port by
the function
dissector_add("udp.port", FOO_PORT, foo_handle);
How can I implement a dissector for a non ethernet compliant protocoll?
dissector_add() is used for more than just UDP. In fact, many dissectors
register their ethertypes using dissector_add("ethertype", ETHERTYPE_FOO,
foo_handle); You will likely need to register similarly with whatever protocol
yours is encapsulated in.
Alternatively, you might use heur_dissector_add() if yours is a heuristic based
dissector, in other words if there's no definitive way for the protocol carrying
your traffic to know for certain if the traffic is yours or not. Read more
about heuristic dissectors in doc/README.heuristic.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- compiling dissector plugin Lange Jan-Erik (Nov 05)
- Re: compiling dissector plugin Christopher Maynard (Nov 05)
- Re: compiling dissector plugin Lange Jan-Erik (Nov 06)
- Re: compiling dissector plugin Christopher Maynard (Nov 08)
- Re: compiling dissector plugin Lange Jan-Erik (Nov 06)
- Re: compiling dissector plugin Christopher Maynard (Nov 05)