Ethereal-users: Re: [Ethereal-users] Re: Newbie Dissector question
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: linux lover <linux_lover2004@xxxxxxxxx>
Date: Fri, 8 Apr 2005 05:04:10 -0700 (PDT)
Hello,

--- ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> Correct.
>
> The dissector_add() lines register the ip dissector for those
> transports which transport ip.
> It just registers dissect_ip() in some external dissector tables.
>
> Look inside packet-eth.c; you will see the dissector table for things
> running on top of ethernet and see something like
> dissector_try_port() that will call the dissector registered in that
> table.

I checked that one. I found it in packet-ethernet.c. OK, so the following
function is used to search the dissector table for that packet's handoff
to the next protocol.

    dissector_found = dissector_try_port(ethertype_dissector_table,
                                         etype, next_tvb, pinfo, tree);

Then why is the following used in packet-eth.c?

    fw1_handle = find_dissector("fw1");

Does it not also find the next dissector routine to handle the packet?

regards,
linux_lover.

> On Fri, 8 Apr 2005 02:25:56 -0700 (PDT), linux lover
> <linux_lover2004@xxxxxxxxx> wrote:
> > hello,
> >    Thanks for understanding me the various packets
> > handled by ip protocol.
> > I have one more query in the following function
> > void proto_reg_handoff_ip(void)
> > {
> >     dissector_handle_t ip_handle;
> >
> >     data_handle = find_dissector("data");
> >     ip_handle = find_dissector("ip");
> >
> >     dissector_add("ethertype", ETHERTYPE_IP, ip_handle);
> >     dissector_add("ppp.protocol", PPP_IP, ip_handle);
> > So can I say in simple words that
> > dissector_add is used when ethereal got packets from
> > ppp interface or IP packets from NIC, then use
> > dissect_ip function in above case.
> > Please correct me.
> >
> > Thanks for help.
> > regards,
> > linux_lover.
> >
> > --- Guy Harris <gharris@xxxxxxxxx> wrote:
> > > LEGO wrote:
> > >
> > > >> dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
> > > >
> > > > a different way to do IP over PPP (?)
> > >
> > > More like "a different way of constructing a network stack", i.e.
> > > Microsoft's way of constructing it, in which everything above the
> > > link layer expects packets that look like Ethernet packets, and
> > > there's a "glue layer" (NDISWAN) that translates between PPP and
> > > Ethernet packets, and, apparently, you can, when capturing with
> > > WinPcap, see packets with PPP headers with Ethernet types rather
> > > than PPP types in the protocol field.
> > >
> > > >> dissector_add("null.type", BSD_AF_INET, ip_handle);
> > > >
> > > > IP over .... a null socket type????
> > >
> > > IP over BSD loopback interfaces; the DLT_ name for that is DLT_NULL.
> > > There's really nothing "null" about it - there's a link-layer
> > > header for them, containing a 4-byte BSD address family value.
> > >
> > > >> dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
> > > >
> > > > IP over ????
> > >
> > > IP over "Cisco HDLC", a pre-PPP Cisco scheme for encapsulating
> > > packets on a synchronous serial line.
> > >
> > > >> dissector_add("osinl.excl", NLPID_IP, ip_handle);
> > > >
> > > > IP over OSI Network Layer???
> > >
> > > IP over the same layering scheme used for the OSI networking layer,
> > > with a 1-byte protocol type field.
> > >
> > > >> dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMP, icmp_handle);
> > > >
> > > >> First one is ok that ICMP packet processed
> > > >> IP header and then giving data part to ICMP but what
> > > >> is other thing wtap_encap?
> > > >
> > > > This I really do not know, it might well be ICMP found raw in a
> > > > pcap file by wiretap.
> > >
> > > Yes, it's raw ICMP in HP-UX nettl files.
> > >
> > > _______________________________________________
> > > Ethereal-users mailing list
> > > Ethereal-users@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-users
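The two lookup paths discussed in this thread, as an added example that is not part of the original messages and is not Ethereal source: a small stand-alone model in which table_add(), table_try() and find_by_name() are hypothetical stand-ins for dissector_add(), dissector_try_port() and find_dissector(). The table lookup is keyed by a value taken from the packet, so an unregistered value must have a defined fallback; the by-name lookup involves no packet data at all.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (not Ethereal source); all names here are hypothetical. */
typedef const char *(*dissector_fn)(const unsigned char *buf, size_t len);
struct handle { const char *name; dissector_fn fn; };
struct entry  { const char *table; unsigned value; const struct handle *h; };
static const char *dissect_ip(const unsigned char *b, size_t n)   { (void)b; (void)n; return "ip"; }
static const char *dissect_data(const unsigned char *b, size_t n) { (void)b; (void)n; return "data"; }

static const struct handle handles[] = { {"ip", dissect_ip}, {"data", dissect_data} };
static struct entry entries[8];
static size_t n_entries;

/* Models find_dissector(): look a handle up by name; no packet field involved. */
const struct handle *find_by_name(const char *name) {
    for (size_t i = 0; i < sizeof handles / sizeof handles[0]; i++)
        if (strcmp(handles[i].name, name) == 0) return &handles[i];
    return NULL;
}
/* Models dissector_add(): bind (table, value) to a handle. */
int table_add(const char *table, unsigned value, const struct handle *h) {
    if (h == NULL || n_entries == sizeof entries / sizeof entries[0]) return -1;
    entries[n_entries++] = (struct entry){ table, value, h };
    return 0;
}
/* Models dissector_try_port(): dispatch on a value read from the packet. */
const char *table_try(const char *table, unsigned value, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < n_entries; i++)
        if (entries[i].value == value && strcmp(entries[i].table, table) == 0)
            return entries[i].h->fn(buf, len);
    return NULL; /* nothing registered for this value */
}
/* Models the handoff routine: 0x0800 is ETHERTYPE_IP, 0x0021 is PPP_IP. */
void register_ip(void) {
    n_entries = 0;
    table_add("ethertype", 0x0800, find_by_name("ip"));
    table_add("ppp.protocol", 0x0021, find_by_name("ip"));
}
/* Caller side: try the table, fall back to the handle fetched by name. */
const char *dispatch(const char *table, unsigned value) {
    static const unsigned char payload[] = { 0x45, 0x00 }; /* constructed bytes */
    const char *label = table_try(table, value, payload, sizeof payload);
    return label ? label : find_by_name("data")->fn(payload, sizeof payload);
}
int main(void) {
    register_ip();
    printf("%s %s\n", dispatch("ethertype", 0x0800), dispatch("ethertype", 0x88b5));
    return 0;
}
```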