Hi, all
I am developing a dissector to show the details of the trailer.
The trailer is added to any other layer 4 or above protocol; for example, the
trailer can be added to UDP or HTTP or ICMP.
Following is the format of the packet.
There are at least two trailer fields: magic, TTL, ...; (TTL
in the trailer is the TTL in IP.)
My questions are:
1. How do I instruct Wireshark to hand off the packet to my dissector? Using the magic number, the TTL, or what? The trailer is at the end of the packet; how do I dissect the trailer (since so far, without the trailer dissector, it shows "data xxxxxxxxx..." at the end of the layer 4 or above protocol)?
2. How does Wireshark know where my trailer starts in a packet? Using the "total length" of IP, or what?
3. Is defining trailer fields done the same way as defining header fields?
4. Are there any examples which also dissect a trailer?
Thanks
John
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------
* |                               ~                               |
* |                      Original IP Header                       | IP
* |                               ~                               |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------
* |                               ~                               |
* |                      Original IP payload                      | L4 and
* |                               ~                               | Above
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------
* |       Magic        |        ...         |       TTL ...       | trailer
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------