You say your data is XDR encoded.
Is your data also transported ontop of ONC-RPC? If so your protocol is not
running ontop of TCP, then it is running ontop of ONC-RPC.
If so, look at packet-nlm.c for examples on how to write an ONC-RPC
dissector.
If ethereal knows about your ONC-RPC program number Ethereal will find which
packets are your protocol and which are not.
----- Original Message -----
From: Wasiq Nadeem KHAN
Subject: [Ethereal-dev] following up another dissector after the TCP one..
Hi,
I was wondering about something...I have a XDR encoded data that i am
providing as a payload to a a protocol say X. Protocol X has its own
respective input values provided to its header and the whole protocol is
then inserted as payload to a TCP stream
Suppose that if I want to sniff this stream, then Ethereal will use the TCP
dissector and show the TCP content. But how does Ethereal know that the next
dissector or plugin which it needs to implement is for Protocol X. Even if
it is able to find out that the next protocol is protocol X, then again for
the payload, it would need another dissector for (initally decoding XDR and)
showing the actual data that was transmitted...
I am in a bit of fix here, because unfortunately, there are no specific port
numbers that are specified, so I cannot hard core in TCP to look for a
certain port number and then handover to another dissector. Also, TCP itself
does not give any way within itself (in its header) to identify some type of
value so that it can be looked at and accordingly a subtree of the dissector
X can be created. Once this is done, using the dissector for the XDR data
would not be a problem , cause i can hardcore it in the same dissector as
for protocol X.
I hope someone out there can help me out there...cause i really cannot see
how Ethereal can be configured to sniff packets relating to my protocol X on
the TCP stream.In case i have not been able to clear my point, I would be
more than happy to clearify, but as i dont have a lot of experience in
ethereal development, i am a little lost at this...
THanks in advance,
Wasiq
Do you Yahoo!?
Yahoo! Movies - Buy advance tickets for 'Shrek 2'
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev