Ethereal-dev: Re: [Ethereal-dev] Creating a new Dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxx>
Date: Wed, 2 Oct 2002 17:13:22 +0930 (CST)

On Wed, 2 Oct 2002, pevee wrote:

> Hi,
> 
>    I took packet-tftp.c for initial example.

You need to read more code ...
   
>    (1) I tried to modify some portion of the code /downloads/ethereal-0.9.6/packet-tftp.c
>    
>         For example:-
> 
> 
>     { &hf_tftp_opcode,
>       { "Opcode",             "tftp.opcode",
>         FT_UINT16, BASE_DEC, VALS(tftp_opcode_vals), 0x0,
>         "TFTP message type", HFILL }},
> 
>     { &hf_tftp_opcode,
>       { "XXX",             "tftp.opcode",
>         FT_UINT16, BASE_DEC, VALS(tftp_opcode_vals), 0x0,
>         "TFTP message type", HFILL }},
> 
> 
> 
>    (2) Make it /downloads/ethereal-0.9.6/make
>    (3) The changes that I made are not reflected in the Ethereal packet capturing.
>    (4) Please advise :)
> 
> Thank you
> 
> Calvin
>   ----- Original Message ----- 
>   From: Richard Urwin 
>   To: 'Visser, Martin (Sydney)' ; ethereal-dev@xxxxxxxxxxxx 
>   Sent: Monday, September 30, 2002 5:04 PM
>   Subject: RE: [Ethereal-dev] Creating a new Dissector
> 
> 
>   IMO it's well worth going the extra mile and:
>   10. Read Readme-plugins
>   11. Convert your dissector to a plug-in
> 
>   There's a fair amount of debugging to be done there as well, but you can then keep upgrading/reinstalling Ethereal without having to build your own version each time. Don't try to go straight to a plug-in, the conversion is easy and the bug list is easier to control if you do it in two steps.
> 
>   --
>   Richard Urwin, Private
>   "No 9000 series computer has ever made a mitsake or corrubiteddatatato." 
> 
>   -----Original Message-----
>   From: Visser, Martin (Sydney) [mailto:Martin.Visser@xxxxxx]
>   Sent: 30 September 2002 08:20
>   To: ethereal-dev@xxxxxxxxxxxx
>   Subject: RE: [Ethereal-dev] Creating a new Dissector
> 
> 
>   Never having created a dissector, this is how I would go about it (in my own hacker way!)
> 
>   1. Grab the source tree. 0.9.7 is the current release
>   2. There is some documentation in there on how ethereal is put together. Failing that....
>   3. Pick a currently dissected protocol, say IGMP, and do a grep/find/ etc to find the relevant dissector code. (Hint usually they are named packet-xxx.c, in this case packet-igmp.c)
>   4. Copy this dissector to yours -  packet-peveeprotocol.c .
>   5. Try to hack the dissector to make it look like it will decode your registration packet.
>   6. Hack makefile.am to add your dissector. 
>   7. Run "make"  to hopefully compile your dissector, create the hooks into "register.c" etc, and link your dissector into ethereal.
>   8. With a long stick type "ethereal" and watch it all blow up. Then go to step 5 :-)
>   9. If it runs try it on your packet. Likely you will need to go back to step 5 again :-)
> 
>   There are probably a few bits missing here, but hopefully this will give an idea of where to start (at least until someone who has done this replies!)
> 
>   (I always find "grep -r" and using "tags" with vi are my best friends when it comes to hacking someone else's code!!!)
>   Martin Visser
>   Network Consultant 
>   Technology & Infrastructure - Consulting & Integration
>   COMPAQ, part of the new HP
> 
>   3 Richardson Place 
>   North Ryde, Sydney NSW 2113, Australia 
>   Phone: +61-2-9022-1670    Mobile: +61-411-254-513
>   Fax: +61-2-9022-1800     E-mail: martin.visserAThp.com
> 
> 
> 
>     -----Original Message-----
>     From: pevee [mailto:clkuan@xxxxxxxxxxxxxxx] 
>     Sent: Monday, 30 September 2002 4:39 PM
>     To: ethereal-dev@xxxxxxxxxxxx
>     Subject: [Ethereal-dev] Creating a new Dissector
> 
> 
>     p/s: Ronnie suggested I post the message here...I could be getting more help :)...Thank you
> 
>     Hi,
> 
>        I am not sure if dissecting is the correct word to use. (could be
>     decoding new packet)
> 
>     (1) I have created a Registration Packet which has its own format.
>     (2) How can I write code so that ETHEREAL will recognise it and
>     decode it
> 
>     Hope to hear from you all soon...
> 
>     Thank you
> 
>     Warm regards,
> 
>     Calvin Kaiwen
> 
> 
> 

-- 
Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx, 
sharpe@xxxxxxxxxxxx