Wireshark-dev: Re: [Wireshark-dev] packet parsing question

From: "Piety, Timothy [USA]" <piety_timothy@xxxxxxx>
Date: Thu, 29 May 2008 15:44:55 -0400
I will be calling it from a Java application using JNI. Not sure how whether or not I run Ethernet affects this situation. I will not be requiring Wireshark to access the network at all. I simply have a packet of data from another application that I can convert to whatever C structure/datatype I need to. I would like to be able to pass that "packet" to Wireshark to parse and then I will access the Wireshark structure to get the parsed values.

As I look through the code I do not think Wireshark was created for this, but would like to see if it is possible. It would allow me to reuse the protocol dissectors. I think the dissectors in Wireshark have been tested and would simply like to reuse them.

Does this clarify things?
 
thanks

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Anders Broman
Sent: Thu 5/29/2008 3:31 PM
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] packet parsing question



Hi,

How does your application get called from the network stack?

Wireshark works in a similar way, so the answer depends on what your protocol runs on:

Ethernet, ATM, FR, TCP, UDP, SCTP, ...

Regards

Anders

 

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of Piety, Timothy [USA]
Sent: 29 May 2008 20:32
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] packet parsing question

 

Okay. I did a quick read through the README.developer doc and didn't see anything that looked like it applied. I also took a look at the README.design and a couple of other README docs. I have been looking through code, but I am kind of stuck right now. I guess I was looking for an overview of the flow. I thought that might help "unstick" me.

Am I missing something or is this all there is? I do not think I have a "conversation" as described in the README.developer doc. What I have is a packet whose protocol I know, and I simply want Wireshark to dissect it. Is it possible for me to have Wireshark easily do this?

 

 

thanks,

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Luis EG Ontanon
Sent: Thu 5/29/2008 10:45 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] packet parsing question

You want to read doc/README.developer from the src tree.


On Thu, May 29, 2008 at 4:31 PM, Piety, Timothy [USA]
<piety_timothy@xxxxxxx> wrote:
> Hi,
>
> I am trying to figure out how Wireshark actually does the dissection of a
> packet. I have a packet and I know the protocol, but do not have a parser
> for it. I would like to be able to give the packet to Wireshark and have
> Wireshark parse it then read the values back from the appropriate structure.
>
> I have been looking at the code and do not see where Wireshark determines
> what the protocol is and which specific dissector to call. I have been able
> to find out where it determines which file type the input file is. I
> have traced the code into a routine called call_dissector_through_handle in
> packet.c. This appears to call the specific dissector through the
> dissector_handle function pointer. I cannot find where the dissector_handle
> is set.
>
> Am I on the right track? Any guidance would be appreciated.
>
> thanks,
>
> Tim
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan