Wireshark-dev: [Wireshark-dev] How do I make use of my dissector.
From: "Neha Chahal" <neha.chahal@xxxxxxxxx>
Date: Fri, 17 Nov 2006 14:53:30 -0800
Hi,
I have a dissector and a capture file. I am not capturing packets on the network.
This is how I execute tethereal.
tethereal -r capture.out -V -T pdml
1. I wrote a module in the wiretap/ dir and tethereal is able to understand the format of my capture file. Here I think the seek_read method is not bieng called. Isn't this the method that gives the packet to the dissector?
2. But my problem is that it doesnot call my dissector.
in the dissector code I have the --> dissector_add("udp.port" , ...) .
Question is : I want to use a capture a file not a port to listen on. Is there some thing else I need to specify instead of the " udp.port", if I have to what is this ? Does it matter?
3. I know my dissector registers with tethereal. But I dont know on what criteria does tethereal decide to call my dissector.
4. Currently the output with -V option shows the bytes in each frame but the protocol is "data". Also I tried printing some logs in the call_dissector method and saw the current_protocol values to be FRAME, DATA and MATE at runtime. I want this to be my protocol.
This is what my output look like
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The current protocol is [<Missing Protocol Name>] The protocol is [Frame]: The protocol is [Data]: The current protocol is [Frame] The protocol is [MATE]:
<packet>
<proto name="geninfo" pos="0" showname="General information" size="25">
<field name="num" pos="0" show="15" showname="Number" value="f" size="25"/>
<field name="len" pos="0" show="1149" showname="Packet Length" value="47d" size="25"/>
<field name="caplen" pos="0" show="25" showname="Captured Length" value="19" size="25"/>
<field name="timestamp" pos="0" show="Nov 9, 2006 10:39: 34.000634553" showname="Captured Time" value="1163097574.000634553" size="25"/>
</proto>
<proto name="frame" showname="Frame 15 (1149 bytes on wire, 25 bytes captured)" size="25" pos="0">
<field name="frame.marked" showname="Frame is marked: False" hide="yes" size="0" pos="0" show="0"/>
<field name="frame.time" showname="Arrival Time: Nov 9, 2006 10:39: 34.000634553" size="0" pos="0" show="Nov 9, 2006 10:39:34.000634553"/>
<field name="frame.time_delta" showname="Time delta from previous packet: 0.000017267 seconds" size="0" pos="0" show=" 0.000017267"/>
<field name="frame.time_relative" showname="Time since reference or first frame: 0.000024200 seconds" size="0" pos="0" show="0.000024200"/>
<field name="frame.number" showname="Frame Number: 15" size="0" pos="0" show="15"/>
<field name="frame.pkt_len" showname="Packet Length: 1149 bytes" size="0" pos="0" show="1149"/>
<field name="frame.cap_len" showname="Capture Length: 25 bytes" size="0" pos="0" show="25"/>
<field name="frame.protocols" showname=" Protocols in frame: data" size="0" pos="0" show="data"/>
</proto>
<field name="data" value="85e4c90400095031455375e670001902000d00ce000f0800e6"/>
</packet>
</pdml>
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
5. I followed the README.plugins and the README.developer.
Please help by answering these questions. Thank you in advance !
Thanks and Regards,
Neha Chahal
I have a dissector and a capture file. I am not capturing packets on the network.
This is how I execute tethereal.
tethereal -r capture.out -V -T pdml
1. I wrote a module in the wiretap/ dir and tethereal is able to understand the format of my capture file. Here I think the seek_read method is not bieng called. Isn't this the method that gives the packet to the dissector?
2. But my problem is that it doesnot call my dissector.
in the dissector code I have the --> dissector_add("udp.port" , ...) .
Question is : I want to use a capture a file not a port to listen on. Is there some thing else I need to specify instead of the " udp.port", if I have to what is this ? Does it matter?
3. I know my dissector registers with tethereal. But I dont know on what criteria does tethereal decide to call my dissector.
4. Currently the output with -V option shows the bytes in each frame but the protocol is "data". Also I tried printing some logs in the call_dissector method and saw the current_protocol values to be FRAME, DATA and MATE at runtime. I want this to be my protocol.
This is what my output look like
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The current protocol is [<Missing Protocol Name>] The protocol is [Frame]: The protocol is [Data]: The current protocol is [Frame] The protocol is [MATE]:
<packet>
<proto name="geninfo" pos="0" showname="General information" size="25">
<field name="num" pos="0" show="15" showname="Number" value="f" size="25"/>
<field name="len" pos="0" show="1149" showname="Packet Length" value="47d" size="25"/>
<field name="caplen" pos="0" show="25" showname="Captured Length" value="19" size="25"/>
<field name="timestamp" pos="0" show="Nov 9, 2006 10:39: 34.000634553" showname="Captured Time" value="1163097574.000634553" size="25"/>
</proto>
<proto name="frame" showname="Frame 15 (1149 bytes on wire, 25 bytes captured)" size="25" pos="0">
<field name="frame.marked" showname="Frame is marked: False" hide="yes" size="0" pos="0" show="0"/>
<field name="frame.time" showname="Arrival Time: Nov 9, 2006 10:39: 34.000634553" size="0" pos="0" show="Nov 9, 2006 10:39:34.000634553"/>
<field name="frame.time_delta" showname="Time delta from previous packet: 0.000017267 seconds" size="0" pos="0" show=" 0.000017267"/>
<field name="frame.time_relative" showname="Time since reference or first frame: 0.000024200 seconds" size="0" pos="0" show="0.000024200"/>
<field name="frame.number" showname="Frame Number: 15" size="0" pos="0" show="15"/>
<field name="frame.pkt_len" showname="Packet Length: 1149 bytes" size="0" pos="0" show="1149"/>
<field name="frame.cap_len" showname="Capture Length: 25 bytes" size="0" pos="0" show="25"/>
<field name="frame.protocols" showname=" Protocols in frame: data" size="0" pos="0" show="data"/>
</proto>
<field name="data" value="85e4c90400095031455375e670001902000d00ce000f0800e6"/>
</packet>
</pdml>
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
5. I followed the README.plugins and the README.developer.
Please help by answering these questions. Thank you in advance !
Thanks and Regards,
Neha Chahal
- Follow-Ups:
- Re: [Wireshark-dev] How do I make use of my dissector.
- From: Guy Harris
- Re: [Wireshark-dev] How do I make use of my dissector.
- Prev by Date: Re: [Wireshark-dev] dissector not shown in 'Analyze', 'Enabled Protocols'
- Next by Date: Re: [Wireshark-dev] How do I make use of my dissector.
- Previous by thread: Re: [Wireshark-dev] dissector not shown in 'Analyze', 'Enabled Protocols'
- Next by thread: Re: [Wireshark-dev] How do I make use of my dissector.
- Index(es):