Wireshark-dev: [Wireshark-dev] Wiresharlk plug-in
Hi!!!
I'm writing a plugin for our program's own protocol, which encapsulates a whole 'q931' package in the user-user information element (look at the end of the message in red; look at packet 203 from the capture I sent).
At first, I would just write a small program to check the right place to register my protocol, and display:

    Q.931
    ………………………………
    ……………………………..
    …………………………….
    User-user
        Information element: User-user
        Length: 15
        Protocol discriminator: User-specific protocol
        User information: mytype protocol (0xFE)
            Texte: B30C07498131323533357F0182
I register my protocol with the table (q931.ie) like this:

    dissector_add(dissector table name, value in that table, mytype_handle)
    ====> dissector_add("q931.ie", 0xFE, foo_handle)

* Do you think that it's the good table?!
* How can I register my protocol correctly?

I think that h225 calls the Q931 dissector in packet-h323.c:

    /* H.323, Annex M1, Tunnelling of signalling protocols (QSIG) in H.323 */
    dissector_add_string("h225.tp", "1.3.12.9", q931_handle);
Best regards
This function is called to register my protocol:

    void
    proto_reg_handoff_ipnet(void)
    {
        static gboolean initialized = FALSE;

        if (!initialized) {
            /* Create the handle before it is passed to dissector_add(). */
            foo_handle = create_dissector_handle(dissect_foo, proto_foo);
            q931_ie_handle = find_dissector("q931.ie");
            dissector_add("q931.ie", 0xFE, foo_handle); /* 0xFE is identifier of my protocol */
            initialized = TRUE;
        }
    }

No.  Time       Source       Destination  Protocol  Info
203  15.094231  10.24.30.13  10.24.30.15  Q.931     CS: setup SETUP

Frame 203 (210 bytes on wire, 210 bytes captured)
  Arrival Time: Jun 2, 2008 17:57:50.481268000
  [Time delta from previous captured frame: 0.016456000 seconds]
  [Time delta from previous displayed frame: 15.094231000 seconds]
  [Time since reference or first frame: 15.094231000 seconds]
  Frame Number: 203
  Frame Length: 210 bytes
  Capture Length: 210 bytes
  [Frame is marked: False]
  [Protocols in frame: eth:ip:tcp:q931:q931:h225:q931]
  [Coloring Rule Name: TCP]
  [Coloring Rule String: tcp]
Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst: Ericsson_52:f2:14 (00:80:37:52:f2:14)
  Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
    Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
    Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  Type: IP (0x0800)
Internet Protocol, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15 (10.24.30.15)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)
    1011 10.. = Differentiated Services Codepoint: Expedited Forwarding (0x2e)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
  Total Length: 196
  Identification: 0xf0fa (61690)
  Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
  Fragment offset: 0
  Time to live: 64
  Protocol: TCP (0x06)
  Header checksum: 0x3836 [correct]
    [Good: True]
    [Bad : False]
  Source: 10.24.30.13 (10.24.30.13)
  Destination: 10.24.30.15 (10.24.30.15)
Transmission Control Protocol, Src Port : mxomss (1141), Dst Port : h323hostcall (1720), Seq: 1, Ack: 1, Len: 156
  Source port: mxomss (1141)
  Destination port: h323hostcall (1720)
  Sequence number: 1 (relative sequence number)
  [Next sequence number: 157 (relative sequence number)]
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
  Window size: 5840
  Checksum: 0xc1ad [validation disabled]
    [Good Checksum: False]
    [Bad Checksum: False]
TPKT, Version: 3, Length: 156
  Version: 3
  Reserved: 0
  Length: 156
Q.931
  Protocol discriminator: Q.931
  Call reference value length: 2
  Call reference flag: Message sent from originating side
  Call reference value: 012A
  Message type: SETUP (0x05)
  Bearer capability
    Information element: Bearer capability
    Length: 3
    1... .... = Extension indicator: last octet
    .00. .... = Coding standard: ITU-T standardized coding (0x00)
    ...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
    1... .... = Extension indicator: last octet
    .00. .... = Transfer mode: Circuit mode (0x00)
    ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
    1... .... = Extension indicator: last octet
    ...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
  Called party number: '129'
    Information element: Called party number
    Length: 4
    .... 1001 = Numbering plan: Private numbering (0x09)
    .100 .... = Number type: Subscriber number (0x04)
    1... .... = Extension indicator: last octet
    Called party number digits: 129
  User-user
    Information element: User-user
    Length: 133
    Protocol discriminator: X.208 and X.209 coded user information
H.225.0 CS
  H323-UserInformation
    h323-uu-pdu
      h323-message-body: setup (0)
        setup
          protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
          h245Address: ipAddress (0)
            ipAddress
              ip: 10.24.30.13 (10.24.30.13)
              port: 2002
          sourceInfo
            .... ...0 mc: False
            0... .... undefinedNode: False
          destinationAddress: 1 item
            Item 0
              Item: dialedDigits (0)
                dialedDigits: 129
          .... 0... activeMC: False
          conferenceID: 00000018-3e17-fb70-0008-467f00b63678
          conferenceGoal: create (0)
            create: NULL
          callType: pointToPoint (0)
            pointToPoint: NULL
          sourceCallSignalAddress: ipAddress (0)
            ipAddress
              ip: 10.24.30.13 (10.24.30.13)
              port: 1720
          callIdentifier
            guid: 00000018-3e17-fb70-0008-467f00b63678
          0... .... mediaWaitForConnect: False
          1... .... canOverlapSend: True
      0... .... h245Tunneling: False
      tunnelledSignallingMessage
        tunnelledProtocolID
          id: tunnelledProtocolObjectID (0)
            tunnelledProtocolObjectID: 1.3.12.9 (SNMPv2-SMI::org.12.9)
        messageContent: 1 item
          Item 0
            Item: 46 octets
              Q.931
                Protocol discriminator: Q.931
                Call reference value length: 2
                Call reference flag: Message sent from originating side
                Call reference value: 0053
                Message type: SETUP (0x05)
                Bearer capability
                  Information element: Bearer capability
                  Length: 3
                  1... .... = Extension indicator: last octet
                  .00. .... = Coding standard: ITU-T standardized coding (0x00)
                  ...0 0000 = Information transfer capability: Speech (0x00)
                  1... .... = Extension indicator: last octet
                  .00. .... = Transfer mode: Circuit mode (0x00)
                  ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
                  1... .... = Extension indicator: last octet
                  ...0 0011 = User information layer 1 protocol: Recommendation G.711 A-law (0x03)
                Channel identification
                  Information element: Channel identification
                  Length: 3
                  1... .... = Extension indicator: last octet
                  .0.. .... = Interface identifier present: False
                  ..1. .... = Interface type: Primary rate interface
                  .... 1... = Indicated channel is exclusive: Exclusive; only the indicated channel is acceptable
                  .... .0.. = D-channel indicator: False
                  .... ..01 = Information channel selection: Channel indicated in following octets (0x01)
                  1... .... = Extension indicator: last octet
                  .00. .... = Coding standard: ITU-T standardized coding (0x00)
                  ...0 .... = Number/map: Channel indicated by number
                  .... 0011 = Element type: B-channel units (0x03)
                  1... .... = Extension indicator: last octet
                  .000 0010 = Channel number: 2
                Non-locking shift to codeset 5: Information elements for national use
                Unknown information element (0x31)
                  Information element: Unknown (0x31)
                  Length: 1
                  Data: 80
                Called party number: '129'
                  Information element: Called party number
                  Length: 4
                  .... 1001 = Numbering plan: Private numbering (0x09)
                  .100 .... = Number type: Subscriber number (0x04)
                  1... .... = Extension indicator: last octet
                  Called party number digits: 129
                High-layer compatibility
                  Information element: High-layer compatibility
                  Length: 2
                  .00. .... = Coding standard: ITU-T standardized coding (0x00)
                  High layer characteristics identification: Telephony
                User-user
                  Information element: User-user
                  Length: 15
                  Protocol discriminator: User-specific protocol
                  User information: FEB30C07498131323533357F0182
(0xFE is identifier of own protocol)
Best Regards
Attachment:
networking_annexeM1_UUIE.cap
Description: Binary data
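
Added example, not part of the original post and not Wireshark code: a standalone C walk over Q.931 information elements that finds a codeset-0 User-user IE whose user information starts with the 0xFE identifier, with the bounds checks a dissector needs on untrusted capture data. The function name, constants and sample bytes are assumptions; the sample is constructed from field values in the tunnelled SETUP of the post and assumes the one-octet IE length shown there.

```c
#include <stddef.h>
#include <stdint.h>
#define IE_USER_USER   0x7E  /* Q.931 User-user information element */
#define UU_PD_USERSPEC 0x00  /* "User-specific protocol" discriminator */
#define MYTYPE_ID      0xFE  /* the poster's protocol identifier */

/* Constructed sample modelled on the tunnelled SETUP in the post. */
static const uint8_t sample_setup[] = {
    0x08, 0x02, 0x00, 0x53, 0x05,        /* PD, CR length 2, CR 0053, SETUP */
    0x04, 0x03, 0x80, 0x90, 0xa3,        /* Bearer capability */
    0x9d, 0x31, 0x01, 0x80,              /* non-locking shift to codeset 5, IE 0x31 */
    0x70, 0x04, 0xc9, 0x31, 0x32, 0x39,  /* Called party number '129' */
    0x7e, 0x0f, 0x00, 0xfe,              /* User-user, length 15, PD, identifier */
    0xb3, 0x0c, 0x07, 0x49, 0x81, 0x31, 0x32, 0x35, 0x33, 0x35, 0x7f, 0x01, 0x82
};

/* 1 and *out / *out_len set: found; 0: not present; -1: truncated message. */
int find_mytype(const uint8_t *msg, size_t len, const uint8_t **out, size_t *out_len)
{
    size_t off, ie_len;
    int locked_cs = 0, temp_cs = -1, cs;
    if (len < 2 || (size_t)(msg[1] & 0x0F) + 3 > len) return -1;  /* header */
    off = (size_t)(msg[1] & 0x0F) + 3;   /* PD, CR length, CR, message type */
    while (off < len) {
        uint8_t ie = msg[off++];
        if ((ie & 0xF0) == 0x90) {       /* shift IE: bit 4 set = non-locking */
            if (ie & 0x08) temp_cs = ie & 0x07; else locked_cs = ie & 0x07;
            continue;
        }
        cs = temp_cs >= 0 ? temp_cs : locked_cs;
        temp_cs = -1;                    /* a non-locking shift covers one IE */
        if (ie & 0x80) continue;         /* other single-octet IE, no length */
        if (off >= len) return -1;       /* length octet missing */
        ie_len = msg[off++];
        if (ie_len > len - off) return -1;   /* IE would run past the buffer */
        if (cs == 0 && ie == IE_USER_USER && ie_len >= 2 &&
            msg[off] == UU_PD_USERSPEC && msg[off + 1] == MYTYPE_ID) {
            *out = msg + off + 2; *out_len = ie_len - 2;
            return 1;
        }
        off += ie_len;
    }
    return 0;
}
int main(void) {
    const uint8_t *p; size_t n;
    return find_mytype(sample_setup, sizeof sample_setup, &p, &n) == 1 ? 0 : 1;
}
```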