Ethereal-dev: Re: [Ethereal-dev] How can I dissect the packet deep than ether layer

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 05 Dec 2004 05:46:53 -0800
Flier Lu wrote:

hi!

I wrote some python wrapper module for libethereal to extend
PyWireTap, it can dissect packet now, but I can only got ether layer
dissection result like this:


That's not even Ethernet layer.


I have called epan_init, read_prefs, prefs_apply_all, init_dissection
functions in orders, and can got fully protocol/field tree with
proto_get_first_protocol/proto_get_next_protocol functions, what's
else I need ?
You presumably called "epan_dissect_new()" to create an "epan_dissect_t", and called "epan_dissect_run()" to dissect the packet, right? 

If not, you should.
If so, did you fill in *all* the members of the "frame_data" structure you passed to "epan_dissect_run()", including filling in "fdata->lnk_t" with the "pkt_encap" value in the "wtap_pkthdr" structure you got from Wiretap? If not, you should.