Wireshark mailing list archives
Re: Extending PCLI payload decoding
From: Luke Mewburn <luke () mewburn net>
Date: Wed, 27 May 2015 00:55:30 +1000
On Tue, May 26, 2015 at 10:32:06AM -0400, mmann78 () netscape net wrote: | Do you want to post your current progress to the existing review and I | can take a look at it from there? That's probably the easiest way to | look at the "rough edges". You definitely want a dissector table with | type FT_UINT32 (not a string) Done! With what's in changeset 2, I can at least use the decode as in Wireshark (with the aforementioned Qt issues on my Mac), as well as in tshark if I specific pcli.payload==0. E.g. the pcap in bug 9266 can be decoded with: ./tshark -V -d udp.port==5001,pcli -d pcli.payload==0,eth -r bug9266.pcapng As an aside, is it possible/sensible to match/couple the 'PCLI payload' decode choice with the udp.port that selected PCLI? I.e. use the udp.(dst)port as the pcli.payload choice in dissector_try_uint(), so allowing different UDP ports be decoded as different PCLI payloads. If a file has PCLI-as-Ethernet on port 3000 and PCLI-as-IP on port 4000; ./tshark \ -d udp.port==3000,pcli -d pcli.payload==3000,eth \ -d udp.port==4000,pcli -d pcli.payload==4000,ip ... Or is that a silly idea? thanks, Luke.
Attachment:
_bin
Description:
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Extending PCLI payload decoding Luke Mewburn (May 24)
- Re: Extending PCLI payload decoding mmann78 (May 24)
- Re: Extending PCLI payload decoding Luke Mewburn (May 26)
- Re: Extending PCLI payload decoding mmann78 (May 26)
- Re: Extending PCLI payload decoding Luke Mewburn (May 26)
- Re: Extending PCLI payload decoding mmann78 (May 26)
- Re: Extending PCLI payload decoding Luke Mewburn (May 26)
- Re: Extending PCLI payload decoding mmann78 (May 24)