Hi,
You can use packet-tipc.c as an example on how to register a dissector based on
ethertype:
void
proto_reg_handoff_tipc(void)
{
    dissector_handle_t tipc_handle;

    tipc_handle = create_dissector_handle(dissect_tipc, proto_tipc);
    dissector_add("ethertype", ETHERTYPE_TIPC, tipc_handle);
    if (extra_ethertype)
        dissector_add("ethertype", ETHERTYPE_TIPC2, tipc_handle);

    ip_handle = find_dissector("ip");
}
For UDP you can choose to register your dissector on a specific port, preferably
with a preference defaulted to zero, or make a heuristic UDP dissector.
packet-sip.c can be used as a reference, I think.
BR
Anders
Hello,
I'm new to wireshark development and have read the
README.developer only 1 time so far. *smile*
I've finally got a development environment with MS
VC++ 6 and cygwin working, and I've built
wireshark and have it running from the source, I then built a "dissector" with
very little/nothing in it, and I can see it in the "enable dissectors" list, but
I can't seem to select it to "force" a packet to be dissected with it, etc. So,
with my (non-plug-in) dissector, I have a build that works correctly it appears,
but my dissector doesn't yet do anything useful.
Now before I do anything useful with it, I wanted
to see it at least get "hooked into" wireshark so it'll be called when
appropriate.
I'm trying to figure out exactly how to get an
existing dissector (is that an upper or lower one??, and I'm not sure exactly
what one would call my dissector(s)) to call a new dissector I'm going to write
(maybe it's really called a sub-dissector?). Actually, I have a few different
ones I need to write, and so I need to have "hooks" in for a few different cases.
Here's the cases:
a) I have a "protocol" that has a 0x6100 in the
"ethertype" field of an Ethernet packet. How do I get one of the dissectors to
call mine if it sees this in the packet?
I also have 2 more "protocols" that are similar
with 0x6101 and 0x6102 in that field.
I don't have the capture file in front of me to be
more specific.
b) I have a set of messages that are IP/UDP, and
they have specific information in the first few bytes of the "data" part of a
UDP packet. How do I "hook in" my dissector for this case?
Any help is greatly
appreciated.
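
Added example, not part of the original messages and not Wireshark code: a stand-alone C model of the two hooks discussed in this thread, an "ethertype" table lookup for 0x6100 to 0x6102 and a heuristic check on the first bytes of a UDP payload that rejects short or malformed input before reading it. The 4-byte signature "DEMO" and all function names are assumptions, and IP fragmentation is ignored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the two hooks; it does not use Wireshark's API.
 * The 4-byte signature below is a hypothetical placeholder. */
enum claim { CLAIM_NONE, CLAIM_ETHERTYPE, CLAIM_UDP_HEUR };

static const uint16_t my_ethertypes[] = { 0x6100, 0x6101, 0x6102 };
static const uint8_t  my_magic[4]     = { 'D', 'E', 'M', 'O' };  /* assumed */

/* Heuristic check: claim a UDP payload only if the whole signature is present. */
static int heur_udp_match(const uint8_t *payload, size_t len)
{
    if (len < sizeof my_magic)          /* too short: reject without reading */
        return 0;
    return memcmp(payload, my_magic, sizeof my_magic) == 0;
}

/* Decide which hook would hand this Ethernet frame to the new dissector. */
enum claim classify_frame(const uint8_t *f, size_t len)
{
    if (len < 14) return CLAIM_NONE;                 /* no full Ethernet header */
    uint16_t etype = (uint16_t)(f[12] << 8 | f[13]);
    for (size_t i = 0; i < sizeof my_ethertypes / sizeof my_ethertypes[0]; i++)
        if (etype == my_ethertypes[i]) return CLAIM_ETHERTYPE;

    if (etype != 0x0800 || len < 14 + 20) return CLAIM_NONE;   /* IPv4 only */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return CLAIM_NONE; /* 17 = UDP */
    if (len < 14 + ihl + 8) return CLAIM_NONE;       /* need the full UDP header */
    const uint8_t *udp = ip + ihl;
    size_t udp_len = (size_t)(udp[4] << 8 | udp[5]);
    size_t avail = len - 14 - ihl;
    if (udp_len < 8 || udp_len > avail) return CLAIM_NONE;  /* bogus length field */
    return heur_udp_match(udp + 8, udp_len - 8) ? CLAIM_UDP_HEUR : CLAIM_NONE;
}

int main(void)
{
    uint8_t frame[14] = {0};             /* constructed frame, zeroed MACs */
    frame[12] = 0x61; frame[13] = 0x02;  /* ethertype 0x6102 */
    printf("claim=%d\n", (int)classify_frame(frame, sizeof frame));
    return 0;
}
```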