Wireshark · Wireshark-dev: Re: [Wireshark-dev] Extending the DHCP dissector

Wireshark-dev: Re: [Wireshark-dev] Extending the DHCP dissector

From: "Borz, John (IPG-Roseville R&D)" <john.borz@xxxxxx>

Date: Thu, 24 Sep 2009 23:07:13 +0000

My option is actually the NAP MS-SOH option with a vendor specific SOH embedded.  I have the Wireshark development environment setup, and I've written a dissector for a custom protocol already.  I was just trying to minimize the distribution impact.  Sounds like I'll have to distribute the whole package.

thanks,
John

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, September 24, 2009 3:26 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Extending the DHCP dissector

On Sep 24, 2009, at 3:00 PM, Borz, John (IPG-Roseville R&D) wrote:

> That's what I was looking for.  I would like to extend a production  
> Wireshark installation to support decoding these options similar to  
> the  new dissector DLL plugin model.  Is this possible with the  
> built-in dissectors?

The dissector plugin model allows a dissector to be plugged into any  
dissector table; this means that there already needs to be a dissector  
that registers that table.

Currently, the BOOTP dissector doesn't register any such table, so, as  
I said, there is currently no mechanism to do what you want to do.   
You would have to change the BOOTP dissector in order to do that; that  
would require you to get the Wireshark source, change it, compile it,  
and distribute that modified version of Wireshark, along with the  
plugin.

Wireshark 1.2 has a limited ability to support custom DHCP options  
without changing the code.  There is a "Custom BootP/DHCP Options"  
preference, which takes a string of the form

	176,MyOption,string;242,NewOption,ipv4

i.e., a semicolon-separated list of options, where each option is a  
comma-separated list with:

	option number - a value between 1 and 254
	option name - the name for the option
	option type:

		string, for an option that's a character string;
		ipv4, for an option that's an IPv4 address;
		bytes, for an option that's an opaque blob of bytes.

If your option is more complicated than that, this feature cannot  
support it.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-dev] Extending the DHCP dissector
  - From: Maynard, Chris

References:
- [Wireshark-dev] Extending the DHCP dissector
  - From: Borz, John (IPG-Roseville R&D)
- Re: [Wireshark-dev] Extending the DHCP dissector
  - From: Guy Harris
- Re: [Wireshark-dev] Extending the DHCP dissector
  - From: Borz, John (IPG-Roseville R&D)
- Re: [Wireshark-dev] Extending the DHCP dissector
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Extending the DHCP dissector
Next by Date: Re: [Wireshark-dev] Extending the DHCP dissector
Previous by thread: Re: [Wireshark-dev] Extending the DHCP dissector
Next by thread: Re: [Wireshark-dev] Extending the DHCP dissector
Index(es):
- Date
- Thread