Hi All,
I am adding a new protocol to Wireshark that does not rely on
or depend on any other protocols (TCP, UDP, Ethernet, PPP, etc.). I will be
thankful if anyone can help me understand the following things:
1. I have written the protocol dissector for my unique protocol.
But how do I differentiate the input packets in the .pcap file so that only my
protocol dissector gets called to process the data? And how can I add
uniqueness to the input data stream to customize it to my protocol? Is the
protocol identified by means of some common pattern in the input stream of
bytes? If that is the case, how can I do that?
2. What is the difference between the dissector table and the
encapsulation table? I have understood how the protocol dissector encodes the
input data and displays it in a tree based on the formatting defined by the static
arrays ett and hf. What steps do I need to perform in order to write a
protocol dissector that does not depend on any existing protocols, and customize
the input data in the pcap file so that my protocol dissector gets called only when
it comes across correct input data?
Mrunal
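The two mechanisms the question touches (a dissector that runs directly on the raw frame with no TCP/UDP/Ethernet underneath, and a byte pattern that lets the dissector reject frames that are not its own) can be shown together in a small Wireshark Lua dissector. This is an added example and not code from the original poster: the protocol name "mrproto", its 5-byte header layout and the 0x4D52 magic are constructed for illustration, and it assumes the capture file is written with pcap link-layer type 147 (DLT_USER0), which Wireshark maps to WTAP_ENCAP_USER0 and exposes to Lua through the "wtap_encap" dissector table. The encapsulation table answers the first question (routing by link type, the "encapsulation" of the frame); the magic check answers the second (a common pattern in the byte stream). A dissector table keyed on a protocol field such as a TCP port, by contrast, is only reached after some lower-layer dissector has already run.

```lua
-- Added example, not from the original post: a Wireshark Lua dissector for a
-- hypothetical link-layer protocol "mrproto" that sits directly in the pcap
-- frame with nothing below it.
-- Constructed assumptions: frames are captured with pcap linktype 147
-- (DLT_USER0 -> WTAP_ENCAP_USER0), and each frame begins with a 2-byte magic
-- 0x4D52 ("MR"), a 1-byte version and a 2-byte big-endian payload length.
local mrproto = Proto("mrproto", "Example Custom Link-Layer Protocol")

local f_magic   = ProtoField.uint16("mrproto.magic",   "Magic",          base.HEX)
local f_version = ProtoField.uint8 ("mrproto.version", "Version",        base.DEC)
local f_len     = ProtoField.uint16("mrproto.len",     "Payload length", base.DEC)
local f_payload = ProtoField.bytes ("mrproto.payload", "Payload")
mrproto.fields = { f_magic, f_version, f_len, f_payload }

local MAGIC   = 0x4D52  -- constructed value
local HDR_LEN = 5       -- magic(2) + version(1) + length(2)

function mrproto.dissector(tvb, pinfo, tree)
    -- The encapsulation table already routes only DLT_USER0 frames here, so
    -- this check exists to reject corrupt or mislabelled captures instead of
    -- decoding them into nonsense fields. Returning 0 tells Wireshark the
    -- frame was not accepted and it falls back to the generic "data" dissector.
    if tvb:len() < HDR_LEN or tvb(0, 2):uint() ~= MAGIC then
        return 0
    end

    pinfo.cols.protocol = mrproto.name
    local subtree = tree:add(mrproto, tvb(), "Example Custom Protocol")
    subtree:add(f_magic,   tvb(0, 2))
    subtree:add(f_version, tvb(2, 1))
    subtree:add(f_len,     tvb(3, 2))

    -- Clamp the declared length to what was actually captured so a bad or
    -- hostile length field cannot raise a malformed-packet exception that
    -- aborts dissection of the rest of the frame.
    local plen  = tvb(3, 2):uint()
    local avail = tvb:len() - HDR_LEN
    if plen > avail then
        plen = avail
    end
    if plen > 0 then
        subtree:add(f_payload, tvb(HDR_LEN, plen))
    end
    return HDR_LEN + plen
end

-- Encapsulation (link-layer) table: registering here is what makes the
-- dissector run directly on the raw frame for every packet whose pcap
-- linktype is DLT_USER0, with no other protocol dissector involved.
local encap_table = DissectorTable.get("wtap_encap")
encap_table:add(wtap_encaps.USER0, mrproto)
```

Drop the file into the personal Lua plugins directory (or load it with `-X lua_script:mrproto.lua`), then open a capture whose link-layer header type is 147. The frame goes straight to `mrproto.dissector` because of the `wtap_encap` registration; any frame that fails the magic check is shown as plain data rather than being mis-decoded, which is the behaviour you want when the same DLT_USER0 value may have been reused by someone else's tooling.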