Ethereal-dev: Re: [Ethereal-dev] Creating a new Dissector
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Richard Sharpe <rsharpe@xxxxxxxxxx>
Date: Wed, 2 Oct 2002 17:13:22 +0930 (CST)
On Wed, 2 Oct 2002, pevee wrote:
> MessageHi,
>
> I took packet-tftp.c for initial example.
You need to read more code ...
> (1) I tried to modified some portion of the code /downloads/ethereal-0.9.6/packet-tftp.c
>
> For example:-
>
>
> { &hf_tftp_opcode,
> { "Opcode", "tftp.opcode",
> FT_UINT16, BASE_DEC, VALS(tftp_opcode_vals), 0x0,
> "TFTP message type", HFILL }},
>
> { &hf_tftp_opcode,
> { "XXX", "tftp.opcode",
> FT_UINT16, BASE_DEC, VALS(tftp_opcode_vals), 0x0,
> "TFTP message type", HFILL }},
>
>
>
> (2) Make it /downloads/ethereal-0.9.6/make
> (3) The changes that I made does not reflect in the Ethereal packet capturing.
> (4) Please advice :)
>
> Thank you
>
> Calvin
> ----- Original Message -----
> From: Richard Urwin
> To: 'Visser, Martin (Sydney)' ; ethereal-dev@xxxxxxxxxxxx
> Sent: Monday, September 30, 2002 5:04 PM
> Subject: RE: [Ethereal-dev] Creating a new Dissector
>
>
> IMO it's well worth going the extra mile and:
> 10. Read Readme-plugins
> 11. Convert your dissector to a plug-in
>
> There's a fair amount of debugging to be done there as well, but you can then keep upgrading/reinstalling Ethereal without having to build your own version each time. Don't try to go straight to a plug-in, the conversion is easy and the bug list is easier to control if you do it in two steps.
>
> --
> Richard Urwin, Private
> "No 9000 series computer has ever made a mitsake or corrubiteddatatato."
>
> -----Original Message-----
> From: Visser, Martin (Sydney) [mailto:Martin.Visser@xxxxxx]
> Sent: 30 September 2002 08:20
> To: ethereal-dev@xxxxxxxxxxxx
> Subject: RE: [Ethereal-dev] Creating a new Dissector
>
>
> Never having created a dissector, this is how I would go about it (in my own hacker way!)
>
> 1. Grab the source tree. 0.9.7 is the current release
> 2. There is some documentation in there on how ethereal is put together. Failing that....
> 3. Pick a currently dissected protocol, say IGMP, and do a grep/find/ etc to find the relevant dissector code. (Hint usually they are named packet-xxx.c, in this case packet-igmp.c)
> 4. Copy this dissector to yours - packet-peveeprotocol.c .
> 5. Try to hack the dissector it to make it look like it will decode your registration packet.
> 6. Hack makefile.am to add your dissector.
> 7. Run "make" to hopefully compile your dissector, create the hooks into "register.c" etc, and link your dissector into ethereal.
> 8. With a long stick type "ethereal" and watch it all blow up. Then go to step 5 :-)
> 9. If it runs try it on your packet. Likely you will need to go back to step 5 again :-)
>
> There are probably a few bits missing here, but hopefully this will give an idea of where to start (at least until someone who has done this replies!)
>
> (I always find "grep -r" and using "tags" with vi, are my best friend when it comes to hacking someone elses code!!!)
> Martin Visser
> Network Consultant
> Technology & Infrastructure - Consulting & Integration
> COMPAQ, part of the new HP
>
> 3 Richardson Place
> North Ryde, Sydney NSW 2113, Australia
> Phone (: +61-2-9022-1670 Mobile È: +61-411-254-513
> Fax 7: +61-2-9022-1800 E-mail + : martin.visserAThp.com
>
>
>
> -----Original Message-----
> From: pevee [mailto:clkuan@xxxxxxxxxxxxxxx]
> Sent: Monday, 30 September 2002 4:39 PM
> To: ethereal-dev@xxxxxxxxxxxx
> Subject: [Ethereal-dev] Creating a new Dissector
>
>
> p/s: Ronnie suggested I post the message here...I could be getting more help :)...Thank you
>
> Hi,
>
> I am not sure if dissecting is the correct word to use. (could be
> decoding new packet)
>
> (1) I have created a Regustration Packet which have its own format.
> (2) How can I write a code so that ETHEREAL will well recognise it and
> decode it
>
> Hope to hear from you all soon...
>
> Thank you
>
> Warm regards,
>
> Calvin Kaiwen
>
>
>
> _____________________________________________________________________
> This e-mail has been scanned for viruses by the WorldCom Internet Managed Scanning Service - powered by MessageLabs. For further information visit http://www.worldcom.com
>
> ________________________________________________________________________
> This email has been scanned for all viruses by the MessageLabs SkyScan
> service. For more information on a proactive anti-virus service working
> around the clock, around the globe, visit http://www.messagelabs.com
> ________________________________________________________________________
>
>
--
Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx,
sharpe@xxxxxxxxxxxx
- References:
- Re: [Ethereal-dev] Creating a new Dissector
- From: pevee
- Re: [Ethereal-dev] Creating a new Dissector
- Prev by Date: Re: [Ethereal-dev] Creating a new Dissector
- Next by Date: Re: [Ethereal-dev] SLPv2 support
- Previous by thread: Re: [Ethereal-dev] Creating a new Dissector
- Next by thread: Re: [Ethereal-dev] Creating a new Dissector
- Index(es):
