On Tue, Dec 03, 2002 at 03:39:08PM -0500, Parks, Chauni wrote:
> Are they any examples of header files that have been dissected in the
> Ethereal tar ball? I am trying to dissect the payload section of TCP and I'm
> using homegrown middleware header files that will be dissected.
Ethereal doesn't dissect header files - "header file" generally refers
to C or C++ ".h" files. Ethereal dissects packet headers.
At least half of the Ethereal source tarball is code to dissect packet
headers; if there weren't any such code, Ethereal wouldn't be very
interesting. :-)
If you mean that you want to write a dissector for a protocol that runs
atop TCP, then:
the README files (such as "README.developer") in the "doc"
subdirectory of the Ethereal source are a good place to start;
the "packet-*.c" files in the top-level directory are the
protocol dissectors.
Look for dissectors for protocols that run atop TCP, as TCP-based
protocols are somewhat special - TCP segment boundaries aren't
meaningful to protocols running atop TCP, so you may have to handle
higher-level packets that cross TCP segment boundaries.