Wireshark-dev: Re: [Wireshark-dev] Plugin development on Windows...
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 1 Oct 2006 18:51:42 +0200 (CEST)
Hi,

Register a dynamic RTP payload type with the RTP dissector table "rtp_dyn_payload_type". Have a look at packet-rtp-event.c for how this is done.

Thanx,
Jaap

On Sun, 1 Oct 2006, Tobias Erichsen wrote:

> Hi Jaap,
>
> I have actually got the framework to run and I already have my
> dissector working pretty nicely (I had to install Visual Studio
> 6 on my PC, since I had updated to 2003 for a long time already...)
>
> One question remains:
>
> My dissector detects the protocol heuristically, establishes a
> conversation and hands all the "other" data to the RTP-dissector.
> All this is running pretty well.
>
> The content of the RTP-protocol is not yet supported by the
> RTP-dissector; how would I proceed to
>
> a.) enhance the RTP-dissector with a decoder for a specific payload-type
>
> and
>
> b.) how can I tell the RTP-dissector that it should use this specific
> payload-decoder when I call it from my dissector?
>
> Tobias
>
> > -----Original Message-----
> > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of
> > Jaap Keuter
> > Sent: Sunday, 1 October 2006 14:00
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] Plugin development on Windows... [heur]
> >
> > Hi Tobias,
> >
> > Take a look at the Wireshark Developer Guide, there is an
> > extensive description of how to set up a development environment
> > on Windows. Just follow the steps and you're underway.
> >
> > Thanx,
> > Jaap
> >
> > On Sun, 1 Oct 2006, Tobias Erichsen wrote:
> >
> > > Well I guess that coding a plugin (especially if the protocol is not
> > > too complex) will be not that hard.
> > >
> > > What I find rather complex is to set up the environment to be able to
> > > compile a plugin at all...
> > >
> > > Do I need to compile Wireshark first to be able to compile plugin DLLs?
> > > What kind of additional libraries & include-files do I need on top of
> > > the Ethereal source to be able to compile my own plugin DLL?
> > >
> > > I would guess that quite a few more protocol dissectors/plugins would
> > > be written if this process would be a bit easier. I guess a lot of
> > > people are just repelled by how much they must do first, just to
> > > dissect a couple of octets and display their content in legible form...
> > >
> > > Tobias
> > >
> > > > -----Original Message-----
> > > > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > > > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of Jaap
> > > > Keuter
> > > > Sent: Sunday, 1 October 2006 07:48
> > > > To: Developer support list for Wireshark
> > > > Subject: Re: [Wireshark-dev] Question concerning some specific
> > > > protocol... [heur]
> > > >
> > > > Hi,
> > > >
> > > > Ahhh, now it's getting simple. Just create a heuristic dissector for
> > > > your proprietary protocol. It DOES work by recognition of (part of)
> > > > content.
> > > > For RTP you'll have to enable the preference "Try to decode RTP
> > > > outside of conversations". You can look in the RTP dissector how
> > > > it's done and use that same method in your own dissector.
> > > >
> > > > Thanx,
> > > > Jaap
> > > >
> > > > On Sat, 30 Sep 2006, Tobias Erichsen wrote:
> > > >
> > > > > The problem is that the port is not fixed - the protocol(s)
> > > > > may run on any ports.
> > > > >
> > > > > Are protocols that are recognized automatically by Wireshark
> > > > > always recognized by the port, not by the content of the datagrams?
> > > > >
> > > > > I know that I can go on a sniffed packet and say "decode as"
> > > > > selecting the protocol manually, but it would be cool to let
> > > > > wireshark/my protocol plugin find it out automatically if it finds
> > > > > any packets that are encoded according to the proprietary protocol
> > > > > and as soon as this fact is established, all packets for this
> > > > > udp-port-tuple will be decoded by my plugin, even though some of
> > > > > the packets won't match the proprietary signature (in this case I
> > > > > would know that it is RTP-data and decode accordingly)
> > > > >
> > > > > Tobias
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > > > > > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of Jaap
> > > > > > Keuter
> > > > > > Sent: Saturday, 30 September 2006 17:53
> > > > > > To: Developer support list for Wireshark
> > > > > > Subject: Re: [Wireshark-dev] Question concerning some specific
> > > > > > protocol... [heur]
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Well that is simple then. Register your proprietary dissector
> > > > > > for the UDP port. If it's your protocol dissect it, otherwise
> > > > > > hand it over to the RTP dissector.
> > > > > >
> > > > > > Thanx,
> > > > > > Jaap
> > > > > >
> > > > > > On Sat, 30 Sep 2006, Tobias Erichsen wrote:
> > > > > >
> > > > > > > Hi everyone,
> > > > > > >
> > > > > > > I have used Ethereal/Wireshark for some time now, and I would
> > > > > > > like to contribute by developing a protocol-plugin for a
> > > > > > > combination of a proprietary and an open protocol based on RTP...
> > > > > > >
> > > > > > > Both protocols run on the same UDP port-pair tuple. The
> > > > > > > proprietary protocol can be detected very easily, as it has an
> > > > > > > easy to distinguish signature. The RTP-based part is not, as RTP
> > > > > > > has really no good recognition value.
> > > > > > >
> > > > > > > So how would I design such a dissector, that if I detect the
> > > > > > > easy-to-recognize proprietary protocol on a UDP-port-tuple, I
> > > > > > > could then heuristically see that the other datagrams will be
> > > > > > > the RTP-based ones and hand their decoding over appropriately
> > > > > > > (writing again my own dissector for this specific RTP payload
> > > > > > > type)
> > > > > > >
> > > > > > > Best regards,
> > > > > > > Tobias
> > > > > > >
> > > > > > > PS.: I will be developing & testing the stuff on the Windows
> > > > > > > platform, 'cause that's what I'm most familiar with ;-)
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Wireshark-dev mailing list
> > > > > > Wireshark-dev@xxxxxxxxxxxxx
> > > > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
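The two lookups Jaap's answer relies on, modelled as an added stand-alone C example (this is not Wireshark's code or its API): a table keyed by encoding name standing in for "rtp_dyn_payload_type", a per-conversation map from dynamic payload-type number to encoding name of the kind the detecting dissector would fill in, and a minimal RTP header parser that routes the payload through both. The encoding name "x-my-payload", payload type 96 and the decoder are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not Wireshark's API: a decoder for one RTP payload. */
typedef int (*payload_decoder)(const uint8_t *payload, size_t len);

/* Stand-in for the "rtp_dyn_payload_type" table: encoding name -> decoder. */
struct dyn_entry { const char *name; payload_decoder fn; };

/* Stand-in for the per-conversation map the detecting dissector sets up:
 * dynamic payload-type number (96..127) -> encoding name. */
struct conv_entry { uint8_t pt; const char *name; };

/* Hypothetical decoder for the proprietary payload; returns bytes consumed. */
static int decode_my_payload(const uint8_t *payload, size_t len) { (void)payload; return (int)len; }

static const struct dyn_entry  dyn_table[] = { { "x-my-payload", decode_my_payload } };
static const struct conv_entry conv_map[]  = { { 96, "x-my-payload" } };

#define COUNT(a) (sizeof (a) / sizeof *(a))

/* Route an RTP packet to the registered decoder.
 * Returns the decoder's result, -1 for a malformed header, -2 if no decoder applies. */
int dissect_rtp(const uint8_t *pkt, size_t len)
{
    if (len < 12 || (pkt[0] >> 6) != 2)             /* RTP version 2, fixed 12-byte header */
        return -1;
    size_t hdr = 12 + 4 * (size_t)(pkt[0] & 0x0f);  /* skip the CSRC list */
    if (pkt[0] & 0x10) {                            /* header extension present */
        if (len < hdr + 4)
            return -1;
        hdr += 4 + 4 * (size_t)((pkt[hdr + 2] << 8) | pkt[hdr + 3]);
    }
    if (len < hdr)
        return -1;
    uint8_t pt = pkt[1] & 0x7f;                     /* drop the marker bit */
    if (pt < 96)                                    /* static types: not ours to route */
        return -2;
    const char *name = NULL;
    for (size_t i = 0; i < COUNT(conv_map); i++)    /* first lookup: PT -> encoding name */
        if (conv_map[i].pt == pt)
            name = conv_map[i].name;
    if (!name)
        return -2;
    for (size_t i = 0; i < COUNT(dyn_table); i++)   /* second lookup: name -> decoder */
        if (strcmp(dyn_table[i].name, name) == 0)
            return dyn_table[i].fn(pkt + hdr, len - hdr);
    return -2;
}
```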