Wireshark-users: Re: [Wireshark-users] subprotocols

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Tue, 14 Oct 2014 19:22:32 +0200


2014-10-14 17:33 GMT+02:00 Charles Smith <cts.private.yahoo@xxxxxxxxx>:
Hi.

I have created a dissector for our tunnel protocol.  I have the feeling that if I want to decode a payload protocol, say LTE MAC protocol, I'd use the proto() statement to hang that into my tree and some library code somewhere would do the rest of the decoding ... but I can't find these libraries (e.g. http://wiki.wireshark.org/MAC-LTE).  Can someone set me straight?

cts

Hi Charles,

LTE MAC dissector is a bit specific as it requires some meta data allowing it to know how to decode the payload. You have 2 ways to configure it:
- either look at epan/dissectors/packet-catapult-dct2000.c and check how it is configuring those meta data (mac_lte_info structure attached to each frame)
- or use the UDP framing format as described in epan/dissectors/packet-mac-lte.h file. Some sample code demonstrating how to use it can be found here: http://wiki.wireshark.org/MAC-LTE

Regards,
Pascal.
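
An added example (not part of the original mail, and not the sample code from the wiki page) of the second option: laying out one MAC PDU in the UDP framing format from epan/dissectors/packet-mac-lte.h. The function name and its parameters are hypothetical; the tag and enum values are as given in that header and should be checked against the copy in your source tree.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values as defined in epan/dissectors/packet-mac-lte.h (verify locally). */
#define MAC_LTE_START_STRING "mac-lte"
#define FDD_RADIO            1
#define DIRECTION_UPLINK     0
#define C_RNTI               3
#define MAC_LTE_PAYLOAD_TAG  0x01
#define MAC_LTE_RNTI_TAG     0x02
#define MAC_LTE_UEID_TAG     0x03
#define MAC_LTE_SUBFRAME_TAG 0x04

/* Append a 1-byte tag followed by a 16-bit value in network byte order. */
static size_t put_tag16(uint8_t *p, uint8_t tag, uint16_t v)
{
    p[0] = tag;
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v & 0xff);
    return 3;
}

/* Hypothetical helper: writes signature, the three fixed bytes, three
 * optional tags and the payload into out[]. Returns the number of bytes
 * written, or 0 if out[] cannot hold the frame. */
size_t mac_lte_frame(uint8_t *out, size_t cap,
                     uint8_t radio, uint8_t dir, uint8_t rnti_type,
                     uint16_t rnti, uint16_t ueid, uint16_t subframe,
                     const uint8_t *pdu, size_t pdu_len)
{
    const size_t sig = strlen(MAC_LTE_START_STRING);
    const size_t hdr = sig + 3 + 3 * 3 + 1;  /* fixed bytes, tags, payload tag */
    size_t n = 0;

    /* Compare by subtraction so a huge pdu_len cannot wrap the sum. */
    if (cap < hdr || pdu_len > cap - hdr)
        return 0;
    memcpy(out, MAC_LTE_START_STRING, sig); n += sig;
    out[n++] = radio;
    out[n++] = dir;
    out[n++] = rnti_type;
    n += put_tag16(out + n, MAC_LTE_RNTI_TAG, rnti);
    n += put_tag16(out + n, MAC_LTE_UEID_TAG, ueid);
    n += put_tag16(out + n, MAC_LTE_SUBFRAME_TAG, subframe);
    out[n++] = MAC_LTE_PAYLOAD_TAG;  /* last tag: PDU runs to end of datagram */
    memcpy(out + n, pdu, pdu_len); n += pdu_len;
    return n;
}
```

The returned buffer is what goes into a single UDP datagram; the metadata it carries corresponds to the fields the first option sets in the mac_lte_info structure.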