Wireshark mailing list archives
Re: Feeding the 802.15.4 Dissector
From: Rui Pedro Caldeira <rpcaldeira () outlook com>
Date: Wed, 31 Jul 2013 10:46:35 +0100
Hey Tomasz, thanks for the answer.

But my main question is how to write the bytes into the pipe so that Wireshark recognizes them as IEEE 802.15.4 packets, kinda like a structure that Wireshark is waiting for. I cannot just write the packet into the pipe, Wireshark gives me an error :S

Thanks again

Regards,
Rui Pedro Caldeira

On Wed, Jul 31, 2013 at 6:35 AM, Tomasz Moń <desowin () gmail com> wrote:
> On Tue, Jul 30, 2013 at 3:49 PM, Rui Pedro Caldeira <rpcaldeira () outlook com> wrote:
>> Hello,
>>
>> I'm using Wireshark to read from a pipe and I'm using the native IEEE802.15.4 dissector, but I'm having trouble feeding Wireshark the proper bytes. I've tried to search but I can't find the right sequence of bytes the dissector is waiting for.
>>
>> Can anyone help me? Thanks in advance.
>
> Not sure if that's exactly what you are asking for, but:
>
> 802.15.4 dissector does following in proto_reg_handoff_ieee802154:
>
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4, ieee802154_handle);
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NONASK_PHY, ieee802154_nonask_phy_handle);
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NOFCS, ieee802154_nofcs_handle);
>     dissector_add_uint("sll.ltype", LINUX_SLL_P_IEEE802154, ieee802154_handle);
>
> If you look into wiretap/pcap-common.c you will find that following linktypes are assigned for the WTAP_ENCAP_ defines:
>
>     /* IEEE 802.15.4 Wireless PAN */
>     { 195, WTAP_ENCAP_IEEE802_15_4 },
>     ...
>     /* IEEE 802.15.4 Wireless PAN non-ASK PHY */
>     { 215, WTAP_ENCAP_IEEE802_15_4_NONASK_PHY },
>     ...
>     /* IEEE 802.15.4 Wireless PAN no fcs */
>     { 230, WTAP_ENCAP_IEEE802_15_4_NOFCS },
>
> Now, get over to the tcpdump linktypes [1] and check the descriptions for 195, 215, 230. Choose the one that is closest match to your data and then set that number as linktype in pcap header.
>
> [1] http://www.tcpdump.org/linktypes.html
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
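Added example, not part of the thread and not Wireshark project code: the "structure" a pipe reader expects is a classic pcap stream, i.e. one 24-byte global header carrying the linktype discussed above, then a 16-byte record header in front of every frame. Linktype 195 frames end with the 2-byte FCS and 230 frames omit it; the function names, the script name and the FIFO path are assumptions made for this sketch.

```python
import struct
import time

# LINKTYPE_ numbers quoted in the reply above (wiretap/pcap-common.c).
LINKTYPE_802_15_4_WITH_FCS = 195   # each frame ends with the 2-byte FCS
LINKTYPE_802_15_4_NO_FCS = 230     # FCS already stripped by the radio

def fcs16(data: bytes) -> int:
    """IEEE 802.15.4 FCS: CRC-16, poly x^16+x^12+x^5+1, init 0, LSB first."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def pcap_global_header(linktype: int, snaplen: int = 256) -> bytes:
    # magic, version 2.4, thiszone, sigfigs, snaplen, link-layer type
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame: bytes, ts: float) -> bytes:
    sec, usec = int(ts), int((ts % 1) * 1_000_000)
    # ts_sec, ts_usec, captured length, original length, then the frame bytes
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def build_stream(frames, linktype, ts=0.0):
    """Bytes to write to the pipe: one global header, then one record per frame."""
    out = pcap_global_header(linktype)
    for mhr_and_payload in frames:
        frame = mhr_and_payload
        if linktype == LINKTYPE_802_15_4_WITH_FCS:
            # The FCS is transmitted low byte first.
            frame += struct.pack("<H", fcs16(mhr_and_payload))
        out += pcap_record(frame, ts)
    return out

# Constructed sample: an ACK frame (frame control 0x0002, sequence number 0x2a).
SAMPLE_ACK = bytes.fromhex("02002a")

if __name__ == "__main__":
    import sys
    # Assumed usage: python3 feed.py > /tmp/wpan.fifo
    # with Wireshark reading the FIFO: wireshark -k -i /tmp/wpan.fifo
    stream = build_stream([SAMPLE_ACK], LINKTYPE_802_15_4_WITH_FCS, time.time())
    sys.stdout.buffer.write(stream)
    sys.stdout.buffer.flush()
```

Writing a bare frame without these headers is what produces the error described in the message, because the reader interprets the first bytes as a pcap magic number.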