Hi,
I want to dissect a tcp protocol that is attached to a specific port, say 1234.
I went through the example in
http://ethereal.hostingzero.com/docs/edg_html/#ChapterDissection
and looked at doc/README.plugins
I've got something working, but only in one direction (see output below). I've
been looking through the "web of info" for the past 2 hours and can't figure
how to get ethereal to dissect packets with a _destination_ port that matches
a particular port specified in my dissector plugin via:
dissector_add( "tcp.port", global_foo_port, foo_handle );
I've seen http://www.ethereal.com/faq.html#q11.3
and tried the "right click" thing and that doesn't work.
I tried searching through all the source for "dissector_" to see if I could
get a clue as to what I'm doing wrong, but I ... do not have a clue :(
I built from ethereal-0.10.14.tgz on a redhat linux distribution.
Maybe my build is somehow bad --- does anyone have an idea of how to
check/debug the fundamental port matching? I can't see where both the
source and destination ports are checked.
Any ideas? Please help.
Thanks,
Ron
/root
ron :^| tethereal -i lo -c 8 port 1234
Capturing on lo
1 0.000000 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
2 0.001285 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
3 0.001527 127.0.0.1 -> 127.0.0.1 TCP 49879 > 1234 [ACK] ...
4 0.001921 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
5 0.002204 127.0.0.1 -> 127.0.0.1 TCP 49879 > 1234 [ACK] ...
6 0.002474 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
7 0.002738 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)
8 0.002973 127.0.0.1 -> 127.0.0.1 FOO Type (0x0001)