Wireshark-dev: Re: [Wireshark-dev] Dissector for User Protocol

From: Németh Márton <nm127@xxxxxxxxxxx>
Date: Tue, 11 Nov 2008 08:05:16 +0100
Hi Lukas,

Lukas Haas wrote:
> i have implemented a sniffer in an fpga that captures the data packets 
> on a RS-485 token network, packs them into ethernet packets, and sends 
> them to a workstation. my idea now is to write a plugin for wireshark 
> that analyzes these packets. i have already downloaded c++ compiler, 
> wireshark source code, and anything else (like explained in the 
> developer guide) and managed to build wireshark. but i'm struggling 
> with my own dissector and need someones help.
> 
> according to chapter 9.2 (Adding a basic dissector) in this guide or 
> chapter 1.2 (Skeleton code) in the README file, the dissector has to be 
> associated with some parent subfield (in the example this is 
> "udp.port"). i'm sending raw ethernet packets (no TCP/IP or UDP 
> protocol ant therefore no ports), so how do i have to use the 
> dissector_add() function? i couldn't find a manual to all these 
> functions and hope that someone has experience in writing a plugin for 
> a "user protocol"

I was dealing with dissectors a long time ago, but maybe this is a hint for
you: have a look at the wireshark/epan/dissectors/packet-eth*.{c,h} files as
an example. The packet-eth.c registers itself to the low level "wtap_encap".
Then have a look at wiretap/wtap.h where the different WTAP_ENCAP_* constants
are defined.

Also note that you may use the Lua language to write your dissector:
http://www.wireshark.org/docs/wsug_html_chunked/wsluarm.html
http://www.wireshark.org/docs/wsug_html_chunked/wslua_dissector_example.html

Hope this helps somewhat.

	M�rton N�meth