Ethereal-users: Re: [Ethereal-users] How to make Q931 dissector to handle ethernet\ip\tcp\udp

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Corpse" <ip-corpse@xxxxxxx>
Date: Fri, 1 Mar 2002 12:28:47 +0300
----- Original Message -----
From: "Guy Harris" <guy@xxxxxxxxxx>
To: "Corpse" <corpse@xxxxxxxxxx>
Cc: "Ethereal" <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, March 01, 2002 2:29 AM
Subject: Re: [Ethereal-users] How to make Q931 dissector to handle
ethernet\ip\tcp\udp\q931 packets?


> On Thu, Feb 28, 2002 at 05:35:48PM +0300, Corpse wrote:
> > I have an opportunity to send Q.931 packets through local network to
> > specified port using UDP protocol.  As an option, I can send LAPD or
> > HDLC packets also.  I use my own code for Q.931/PRI and LAPD, and want
> > to analize traffic on L3, or both layers, using local network.
> >
> > Can I use ethereal to capture and dissect such packets?
>
> Not without changing it.
>
> > If no, then what is required to activate Q.931 dissector?
>
> If you are sending Q.931 and LAPD inside UDP with no additional headers,
> then you should modify the Q.931 dissector so that
> "proto_reg_handoff_q931()" does
>
> dissector_handle_t q931_handle;
>
> q931_handle = find_dissector("q931");
>
> dissector_add("udp.port", {q931-portnum}, q931_handle);
>
> where {q931-portnum} is the UDP port number you're using for Q.931, and
> you should modify the LAPD dissector so that "proto_reg_handoff_lapd()"
> does, after the existing call to "dissector_add()":
>
> dissector_add("udp.port", {lapd-portnum}, lapd_handle)
>
> where {lapd-portnum} is the UDP port number you're using for LAPD.

That`s ok, but can I make so that LAPD packets, going inside UDP, would be
dissected by LAPD dissector, and their body (DL-DATA-RQ, DL-DATA-IND) would
be dissected by Q931 dissector? The question is: where from does LAPD
dissector expect packets to come, and how can I give it expected packets? It
is more simple to me to put LAPD packets into UDP, but isn`t it a wrong way?
I would like to slave the LAPD dissector, if it is not very difficult.

> There is no HDLC dissector in Ethereal - there's a "Cisco HDLC"
> dissector, but that's not really normal HDLC, and there are dissectors
> for various specific HDLC-based protocols (LAPB, LAPD, 802.2 LLC) where
> there's a convention or standard for the protocol that runs above them -
> so there's no HDLC dissector to modify.

Thanx, but I don`t really need to analize HDLC packets. I only need to
analize LAPD and Q931.
 _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>