Wireshark-users: Re: [Wireshark-users] subprotocols
From: Charles Smith <cts.private.yahoo@xxxxxxxxx>
Date: Wed, 15 Oct 2014 13:48:33 +0200
Great, thanks a lot!
On Wed, Oct 15, 2014 at 11:07 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
2014-10-15 10:41 GMT+02:00 Charles Smith <cts.private.yahoo@xxxxxxxxx>:

TIA

Hello Pascal,

I don't find any .c files under (ubuntu) /usr/share/wireshark - is this only available to a dissector that's linked-in to the executable? Or can I access it via lua, as well? Or, do I only need to get the source tarball in order to study the example? Would it be wiser to ditch my lua code and do it in c?

cts

Hi,

this is the first time you mention that you are doing a Lua plugin. But I guess internal dissectors can be called from Lua also (note: I have never written any Lua plugin myself but I know there is quite a lot of documentation on http://wiki.wireshark.org/Lua and it seems you can retrieve the MAC LTE dissector by using Dissector.name("mac-lte") and call it with dissector::call()).

If you want to have a look at packet-catapult-dct2000.c, you can find the latest version of the file here: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-catapult-dct2000.c;h=30c0d6df954155f3fde7f546abd21357099010f7;hb=refs/heads/master

Depending on the Wireshark version you are using, you might consider browsing to the right version by clicking on the summary link and selecting the right tag or head.

Pascal.

On Wed, Oct 15, 2014 at 9:13 AM, Charles Smith <cts.private.yahoo@xxxxxxxxx> wrote:

Thank you.

On Tue, Oct 14, 2014 at 10:34 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:

2014-10-14 22:15 GMT+02:00 Charles Smith <cts.private.yahoo@xxxxxxxxx>:

Is it built in, I just have to get the linkage right? Or do I have to fetch it from somewhere?

Yes it's a built-in dissector. Please have a look at packet-catapult-dct2000.c for an example on how to call a sub dissector via call_dissector_only() function (it is easier than using the UDP framing protocol which is more suitable when calling Wireshark from an external program).

On Tue, Oct 14, 2014 at 7:22 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:

2014-10-14 17:33 GMT+02:00 Charles Smith <cts.private.yahoo@xxxxxxxxx>:

Hi.

I have created a dissector for our tunnel protocol. I have the feeling that if I want to decode a payload protocol, say LTE MAC protocol, I'd use the proto() statement to hang that into my tree and some library code somewhere would do the rest of the decoding ... but I can't find these libraries (e.g. http://wiki.wireshark.org/MAC-LTE). Can someone set me straight?

cts

Hi Charles,

LTE MAC dissector is a bit specific as it requires some meta data allowing it to know how to decode the payload. You have 2 ways to configure it:
- either look at epan/dissectors/packet-catapult-dct2000.c and check how it is configuring those meta data (mac_lte_info structure attached to each frame)
- or use the UDP framing format as described in epan/dissectors/packet-mac-lte.h file. Some sample code demonstrating how to use it can be found here: http://wiki.wireshark.org/MAC-LTE

Regards,
Pascal.
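
The UDP framing format that Pascal's first reply points to, as an added example that is not part of the thread or of Wireshark's code: a C sketch that builds one framed MAC-LTE payload (signature, three fixed fields, an RNTI tag, the payload tag, then the PDU) and walks it back with bounds checks. The tag and enum values are assumed to match epan/dissectors/packet-mac-lte.h and should be checked against the header for your Wireshark version; the function names mac_lte_frame and mac_lte_payload_offset and the PDU bytes are made up for illustration.

```c
/* Added example, not Wireshark code. Constants are assumed to match
 * epan/dissectors/packet-mac-lte.h; verify against your Wireshark version. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAC_LTE_START_STRING "mac-lte" /* signature, sent without a NUL */
#define MAC_LTE_PAYLOAD_TAG  0x01      /* ends the tags; MAC PDU follows */
#define MAC_LTE_RNTI_TAG     0x02      /* 2 bytes, network order */
#define FDD_RADIO            1
#define DIRECTION_UPLINK     0
#define C_RNTI               3
#define SIG_LEN (sizeof(MAC_LTE_START_STRING) - 1)

/* Returns the frame length, or 0 if the frame does not fit in out[cap]. */
size_t mac_lte_frame(uint8_t *out, size_t cap, uint8_t radio, uint8_t dir,
                     uint8_t rnti_type, uint16_t rnti,
                     const uint8_t *pdu, size_t pdu_len)
{
    const size_t hdr = SIG_LEN + 3 + 3 + 1; /* fixed fields, RNTI, payload tag */
    size_t n = SIG_LEN;
    if (cap < hdr || pdu_len > cap - hdr) return 0;
    memcpy(out, MAC_LTE_START_STRING, SIG_LEN);
    out[n++] = radio; out[n++] = dir; out[n++] = rnti_type;
    out[n++] = MAC_LTE_RNTI_TAG;
    out[n++] = (uint8_t)(rnti >> 8); out[n++] = (uint8_t)(rnti & 0xff);
    out[n++] = MAC_LTE_PAYLOAD_TAG;
    memcpy(out + n, pdu, pdu_len);
    return n + pdu_len;
}

/* Bounds-checked tag walk: PDU offset, or 0 if truncated or unknown tag. */
size_t mac_lte_payload_offset(const uint8_t *buf, size_t len)
{
    size_t n = SIG_LEN + 3;
    if (len <= n || memcmp(buf, MAC_LTE_START_STRING, SIG_LEN) != 0) return 0;
    while (n < len) {
        uint8_t tag = buf[n++];
        if (tag == MAC_LTE_PAYLOAD_TAG) return n;
        if (tag != MAC_LTE_RNTI_TAG || len - n < 2) return 0;
        n += 2;
    }
    return 0;
}

int main(void)
{
    uint8_t pdu[] = { 0x3d, 0x1f, 0x00, 0x00 }, buf[64]; /* constructed PDU */
    size_t len = mac_lte_frame(buf, sizeof buf, FDD_RADIO, DIRECTION_UPLINK,
                               C_RNTI, 0x1234, pdu, sizeof pdu);
    printf("%zu-byte frame, PDU at %zu\n", len, mac_lte_payload_offset(buf, len));
}
```

The resulting bytes are what an external program would send as the UDP payload; the header file lists further optional tags that this sketch's parser rejects as unknown.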
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe