Never having created a dissector, this is how I would go about it (in my own hacker way!)

1. Grab the source tree. 0.9.7 is the current release.
2. There is some documentation in there on how ethereal is put together. Failing that....
3. Pick a currently dissected protocol, say IGMP, and do a grep/find/ etc to find the relevant dissector code. (Hint: usually they are named packet-xxx.c, in this case packet-igmp.c)
4. Copy this dissector to yours - packet-peveeprotocol.c.
5. Try to hack the dissector to make it look like it will decode your registration packet.
6. Hack makefile.am to add your dissector.
7. Run "make" to hopefully compile your dissector, create the hooks into "register.c" etc, and link your dissector into ethereal.
8. With a long stick type "ethereal" and watch it all blow up. Then go to step 5 :-)
9. If it runs try it on your packet. Likely you will need to go back to step 5 again :-)

There are probably a few bits missing here, but hopefully this will give an idea of where to start (at least until someone who has done this replies!)

(I always find "grep -r" and using "tags" with vi are my best friends when it comes to hacking someone else's code!!!)

Martin Visser
Network Consultant
Technology & Infrastructure - Consulting & Integration
COMPAQ, part of the new HP
3 Richardson Place North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com

p/s: Ronnie suggested I post the message here...I could be getting more help :)...Thank you

Hi,

I am not sure if dissecting is the correct word to use. (could be decoding new packet)

(1) I have created a Registration Packet which has its own format.
(2) How can I write a code so that ETHEREAL will well recognise it and decode it?

Hope to hear from you all soon...

Thank you

Warm regards,
Calvin Kaiwen