Wireshark mailing list archives

Re: Bypassing the first layer


From: Dario Lombardo <lomato () gmail com>
Date: Wed, 15 Jan 2020 14:45:54 +0100

I don't think this is what Anders was talking about. This is about extcap,
while I was referring to export_pdu.
If you or Anders can reference the right one, that would be great.
If you want to have a look at something using export_pdu creating a pcap
file, have a look at the udpdump.c code.

On Wed, Jan 15, 2020 at 2:37 PM Juanjo Martin Carrascosa <juanjo () rti com>
wrote:

https://sharkfestus.wireshark.org/assets/presentations18/17.pptx

On Wed, Jan 15, 2020 at 2:36 PM Dario Lombardo <lomato () gmail com> wrote:

Can you share the link, for future reference?

On Wed, Jan 15, 2020 at 2:15 PM Juanjo Martin Carrascosa <juanjo () rti com>
wrote:

Found the presentation, this is fantastic.

Thanks!

On Wed, Jan 15, 2020 at 12:58 PM Anders Broman via Wireshark-dev <
wireshark-dev () wireshark org> wrote:

Hi,

In the frame layer there is the “Encapsulation type”; the way the pcap
format works, this indicates how the data following should be interpreted.

Linktype/encapsulation type is defined at
https://www.tcpdump.org/linktypes.html so one thing you could do is to
design your own DLT.

Add whatever meta data you want and then add the RTPS data at some
position in that structure. You can try this out by using the USER DLTs in
Wireshark.

Or if you do not want to request a DLT from tcpdump (DO NOT USE ONE
WITHOUT ALLOCATING IT) you could use the Exported PDU DLT defined by
Wireshark.

Epan/exported_pdu.h contains some information. If you would require new
elements for meta information that could be discussed. Adding RTSP data in
an exported_pdu DLT frame should be simple as an initial test. I think
there is a sharkfest presentation on how to add any protocol data in an
exported pdu frame with text2pcap.

Regards

Anders



*From:* Wireshark-dev <wireshark-dev-bounces () wireshark org> *On Behalf Of* Juanjo Martin Carrascosa
*Sent:* 15 January 2020 12:24
*To:* Developer support list for Wireshark <wireshark-dev () wireshark org>
*Subject:* Re: [Wireshark-dev] Bypassing the first layer



Hi Dario,



Could you elaborate on this? I get the idea but my knowledge about the
how is very basic.



How can this help me achieve what I need?



Thanks for the help.

Juanjo Martin



On Tue, Jan 14, 2020 at 4:48 PM Dario Lombardo <lomato () gmail com>
wrote:

You can use export_pdu. This is a layer with multiple attributes (see
epan/exported_pdu.h), but the only one really needed is the proto_name, which
allows you to directly call a dissector by its name.

You will have frames with this stack: FRAME/EXPORT PDU/RTPS, which is
properly dissected by Wireshark.



On Tue, Jan 14, 2020 at 4:33 PM Juanjo Martin Carrascosa <
juanjo () rti com> wrote:

Hi everyone,



RTPS is a protocol already supported by Wireshark. I have been helping
maintain that protocol these past years. It sits on top of TCP and UDP, as
well as some other transports that are not network ones (Shared Memory
typically with a proprietary implementation).



We are currently working on implementing a new logging mechanism for
our product, mainly to address the Shared Memory scenario but it can also
be really useful when RTPS is used on top of network protocols.



Problem: We can log the RTPS layer but we don't have some information
in our middleware like the Frame or Ethernet information, so we need to
make it up. This is ugly, so I am trying to avoid that:



How can I register a protocol so it is picked up instead of the Frame
layer? This is, I want to create a new protocol that detects that the
information we generate is for that protocol and the Frame protocol is not
called, but the new protocol I am creating. This new protocol will then
call the RTPS protocol to dissect the payload I want to display. We are
planning to also add some information to this custom protocol, that's why I
want it to be called first.



Note: I just came up with this solution, but if you have a different
solution for this, please let me know.



Thanks,

Juanjo Martin


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe




--

Naima is online.






--



Juanjo Martin

Principal Application Engineer

EMEA Services Lead @ Professional Services Group

Office: +34 958 27 88 62

juanjo () rti com

www.rti.com






-- 

Naima is online.
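
Added example (not part of the original thread, and not Wireshark or RTI code): a small C writer for the approach discussed above, producing a pcap file whose link type is the Exported PDU DLT and whose single frame carries a proto_name tag followed by the payload. The tag numbers follow epan/exported_pdu.h; the dissector name "rtps", the output file name and the sample RTPS header bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINKTYPE_WIRESHARK_UPPER_PDU 252 /* from the tcpdump.org link-type list */
#define EXP_PDU_TAG_END_OF_OPT 0         /* values as in epan/exported_pdu.h */
#define EXP_PDU_TAG_PROTO_NAME 12

static void put_be16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Frame layout: [proto_name tag][end-of-options tag][payload].
 * Returns the frame length, or 0 if the input is invalid or does not fit. */
size_t build_exported_pdu(uint8_t *out, size_t cap, const char *proto,
                          const uint8_t *payload, size_t payload_len)
{
    size_t name_len = strlen(proto);
    size_t padded = (name_len + 3) & ~(size_t)3; /* tag value padded to 4 bytes */
    size_t hdr = 4 + padded + 4;
    if (name_len == 0 || padded > 0xffff || payload_len > cap || hdr > cap - payload_len)
        return 0;
    put_be16(out, EXP_PDU_TAG_PROTO_NAME);
    put_be16(out + 2, padded);
    memset(out + 4, 0, padded);
    memcpy(out + 4, proto, name_len);
    put_be16(out + 4 + padded, EXP_PDU_TAG_END_OF_OPT);
    put_be16(out + 6 + padded, 0);
    memcpy(out + hdr, payload, payload_len);
    return hdr + payload_len;
}

/* Write a classic pcap file holding one record. Returns 0 on success. */
int write_pcap(const char *path, const uint8_t *frame, uint32_t len)
{
    struct { uint32_t magic; uint16_t vmaj, vmin; uint32_t zone, sigfigs, snaplen, linktype; }
        gh = { 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_WIRESHARK_UPPER_PDU };
    uint32_t rh[4] = { 0, 0, len, len }; /* ts_sec, ts_usec, incl_len, orig_len */
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(&gh, sizeof gh, 1, f) == 1 && fwrite(rh, sizeof rh, 1, f) == 1
          && fwrite(frame, 1, len, f) == len;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: 20-byte RTPS header (magic, version 2.3, vendor id, GUID prefix). */
    const uint8_t rtps[20] = { 'R','T','P','S', 2, 3, 1, 1, 1,2,3,4,5,6,7,8,9,10,11,12 };
    uint8_t frame[128];
    size_t n = build_exported_pdu(frame, sizeof frame, "rtps", rtps, sizeof rtps); /* "rtps": assumed name */
    return (n && write_pcap("rtps_export.pcap", frame, (uint32_t)n) == 0) ? 0 : 1;
}
```

The builder rejects an empty name and any frame that would overrun the caller's buffer, which matters when the payload length comes from a log record rather than from a constant.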