Wireshark-dev: Re: [Wireshark-dev] register own protocol whith dissector tables ???
Hi,
How about moving this line

    foo_handle = create_dissector_handle(dissect_foo, proto_foo);

before:

    dissector_add("q931.ie",0xFE,foo_handle); /*0xFE is identifier of my protocol*/

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of H F
Sent: den 17 juni 2008 15:15
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] register own protocol whith dissector tables ???

Hi!!!
I'm writing a plugin for our program's own protocol, which encapsulates a whole 'q931' package in user-user information element (look at the end of message in red). At first, I would just write a small program to check the right place to register my protocol, and display:
Q.931
    ...
    User-user
        Information element: User-user
        Length: 15
        Protocol discriminator: User-specific protocol
        User information: mytype protocol (0xFE)
            Texte: B30C07498131323533357F0182

I register my protocol with the table (q931.ie) like this:

    dissector_add(dissector table name, value in that table, mytype_handle)
    ====> dissector_add("q931.ie",0xFE,foo_handle)

When Wireshark builds, I don't get an error, but it has no effect on Wireshark. This function is called to register my protocol:

    proto_reg_handoff_ipnet(void)
    {
        static gboolean initialized = FALSE;

        if (!initialized) {
            q931_ie_handle = find_dissector("q931.ie");
            dissector_add("q931.ie",0xFE,foo_handle); /*0xFE is identifier of my protocol*/
            foo_handle = create_dissector_handle(dissect_foo, proto_foo);
            initialized = TRUE;
        }
    };

My questions:
* Do you think that it's the good table?!!!
* How can I register my protocol correctly?

No.   Time        Source        Destination   Protocol  Info
203   15.094231   10.24.30.13   10.24.30.15   Q.931     CS: setup SETUP

Frame 203 (210 bytes on wire, 210 bytes captured)
    Arrival Time: Jun 2, 2008 17:57:50.481268000
    [Time delta from previous captured frame: 0.016456000 seconds]
    [Time delta from previous displayed frame: 15.094231000 seconds]
    [Time since reference or first frame: 15.094231000 seconds]
    Frame Number: 203
    Frame Length: 210 bytes
    Capture Length: 210 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:q931:q931:h225:q931]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst: Ericsson_52:f2:14 (00:80:37:52:f2:14)
    Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
        Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
        Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15 (10.24.30.15)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)
        1011 10.. = Differentiated Services Codepoint: Expedited Forwarding (0x2e)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 196
    Identification: 0xf0fa (61690)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x3836 [correct]
        [Good: True]
        [Bad : False]
    Source: 10.24.30.13 (10.24.30.13)
    Destination: 10.24.30.15 (10.24.30.15)
Transmission Control Protocol,
    Source port: mxomss (1141)
    Destination port: h323hostcall (1720)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 157    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 5840
    Checksum: 0xc1ad [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
TPKT, Version: 3, Length: 156
    Version: 3
    Reserved: 0
    Length: 156
Q.931
    Protocol discriminator: Q.931
    Call reference value length: 2
    Call reference flag: Message sent from originating side
    Call reference value: 012A
    Message type: SETUP (0x05)
    Bearer capability
        Information element: Bearer capability
        Length: 3
        1... .... = Extension indicator: last octet
        .00. .... = Coding standard: ITU-T standardized coding (0x00)
        ...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
        1... .... = Extension indicator: last octet
        .00. .... = Transfer mode: Circuit mode (0x00)
        ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
        1... .... = Extension indicator: last octet
        ...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
    Called party number: '129'
        Information element: Called party number
        Length: 4
        .... 1001 = Numbering plan: Private numbering (0x09)
        .100 .... = Number type: Subscriber number (0x04)
        1... .... = Extension indicator: last octet
        Called party number digits: 129
    User-user
        Information element: User-user
        Length: 133
        Protocol discriminator: X.208 and X.209 coded user information
H.225.0 CS
    H323-UserInformation
        h323-uu-pdu
            h323-message-body: setup (0)
                setup
                    protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
                    h245Address: ipAddress (0)
                        ipAddress
                            ip: 10.24.30.13 (10.24.30.13)
                            port: 2002
                    sourceInfo
                        .... ...0 mc: False
                        0... .... undefinedNode: False
                    destinationAddress: 1 item
                        Item 0
                            Item: dialedDigits (0)
                                dialedDigits: 129
                    .... 0... activeMC: False
                    conferenceID: 00000018-3e17-fb70-0008-467f00b63678
                    conferenceGoal: create (0)
                        create: NULL
                    callType: pointToPoint (0)
                        pointToPoint: NULL
                    sourceCallSignalAddress: ipAddress (0)
                        ipAddress
                            ip: 10.24.30.13 (10.24.30.13)
                            port: 1720
                    callIdentifier
                        guid: 00000018-3e17-fb70-0008-467f00b63678
                    0... .... mediaWaitForConnect: False
                    1... .... canOverlapSend: True
            0... .... h245Tunneling: False
            tunnelledSignallingMessage
                tunnelledProtocolID
                    id: tunnelledProtocolObjectID (0)
                        tunnelledProtocolObjectID: 1.3.12.9 (SNMPv2-SMI::org.12.9)
                messageContent: 1 item
                    Item 0
                        Item: 46 octets
                            Q.931
                                Protocol discriminator: Q.931
                                Call reference value length: 2
                                Call reference flag: Message sent from originating side
                                Call reference value: 0053
                                Message type: SETUP (0x05)
                                Bearer capability
                                    Information element: Bearer capability
                                    Length: 3
                                    1... .... = Extension indicator: last octet
                                    .00. .... = Coding standard: ITU-T standardized coding (0x00)
                                    ...0 0000 = Information transfer capability: Speech (0x00)
                                    1... .... = Extension indicator: last octet
                                    .00. .... = Transfer mode: Circuit mode (0x00)
                                    ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
                                    1... .... = Extension indicator: last octet
                                    ...0 0011 = User information layer 1 protocol: Recommendation G.711 A-law (0x03)
                                Channel identification
                                    Information element: Channel identification
                                    Length: 3
                                    1... .... = Extension indicator: last octet
                                    .0.. .... = Interface identifier present: False
                                    ..1. .... = Interface type: Primary rate interface
                                    .... 1... = Indicated channel is exclusive: Exclusive; only the indicated channel is acceptable
                                    .... .0.. = D-channel indicator: False
                                    .... ..01 = Information channel selection: Channel indicated in following octets (0x01)
                                    1... .... = Extension indicator: last octet
                                    .00. .... = Coding standard: ITU-T standardized coding (0x00)
                                    ...0 .... = Number/map: Channel indicated by number
                                    .... 0011 = Element type: B-channel units (0x03)
                                    1... .... = Extension indicator: last octet
                                    .000 0010 = Channel number: 2
                                Non-locking shift to codeset 5: Information elements for national use
                                Unknown information element (0x31)
                                    Information element: Unknown (0x31)
                                    Length: 1
                                    Data: 80
                                Called party number: '129'
                                    Information element: Called party number
                                    Length: 4
                                    .... 1001 = Numbering plan: Private numbering (0x09)
                                    .100 .... = Number type: Subscriber number (0x04)
                                    1... .... = Extension indicator: last octet
                                    Called party number digits: 129
                                High-layer compatibility
                                    Information element: High-layer compatibility
                                    Length: 2
                                    .00. .... = Coding standard: ITU-T standardized coding (0x00)
                                    High layer characteristics identification: Telephony
                                User-user
                                    Information element: User-user
                                    Length: 15
                                    Protocol discriminator: User-specific protocol
                                    User information: FEB30C07498131323533357F0182 (0xFE is identifier of own protocol)

Best Regards
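
Added example, not part of the original thread and not Wireshark code: a self-contained C model of what the reordering suggested in the reply changes. The table, the handle type and the model_* functions are hypothetical stand-ins, and dispatching on the first octet of the user information is an assumption of the model; the point shown is that the add call receives whatever value foo_handle holds at that moment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified stand-in for a value-keyed dissector table. Hypothetical names;
 * this is NOT Wireshark's implementation. */
typedef int (*dissect_fn)(const uint8_t *data, size_t len);
typedef struct { dissect_fn fn; } model_handle;
static const model_handle *table[256];   /* value -> handle pointer as passed to add */
static model_handle foo_storage;
static const model_handle *foo_handle;   /* file-scope static: NULL until assigned */

static int dissect_foo(const uint8_t *data, size_t len) {
    (void)data;
    return (int)len;                     /* claim the whole payload */
}

static const model_handle *model_create_handle(dissect_fn fn) {
    foo_storage.fn = fn;
    return &foo_storage;
}

/* The table stores the pointer VALUE it is given at the time of the call. */
static void model_table_add(uint8_t value, const model_handle *h) { table[value] = h; }

/* Dispatch on the first octet (assumption of this model).
 * Returns bytes consumed, or -1 when no usable handle is registered. */
static int model_dispatch(const uint8_t *data, size_t len) {
    if (len == 0 || table[data[0]] == NULL) return -1;
    return table[data[0]]->fn(data, len);
}

/* User information bytes quoted in the post: FEB30C07498131323533357F0182 */
static const uint8_t user_info[] = {0xFE, 0xB3, 0x0C, 0x07, 0x49, 0x81, 0x31,
                                    0x32, 0x35, 0x33, 0x35, 0x7F, 0x01, 0x82};

int run_handoff(int create_first) {
    foo_handle = NULL;                   /* reset so both orders start equal */
    if (create_first) {                  /* order suggested in the reply */
        foo_handle = model_create_handle(dissect_foo);
        model_table_add(0xFE, foo_handle);
    } else {                             /* order in the posted handoff */
        model_table_add(0xFE, foo_handle);   /* registers NULL */
        foo_handle = model_create_handle(dissect_foo);
    }
    return model_dispatch(user_info, sizeof user_info);
}

int main(void) {
    printf("add first: %d, create first: %d\n", run_handoff(0), run_handoff(1));
}
```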