Wireshark-dev: Re: [Wireshark-dev] Protocol development
From: "Douglas Pratley" <Douglas.pratley@xxxxxxxxxx>
Date: Wed, 13 Dec 2006 16:16:13 -0000
Unfortunately, I don't think Wireshark can quite do what you want.
I am assuming that you have the protocol stack:
Ethernet -> maps to next layer by "Ethertype" field
IP -> maps to next layer by "Protocol" field
UDP -> maps to next layer by "Port" field
<your protocol>
As Sebastien said, the UDP dissector can only direct to the
next layer by port, not by the IP address. You can achieve some of the effect
you want by running Wireshark with a filter based on IP address, then have your
new dissector registered for the correct UDP port.
If I've misunderstood the code I'd be grateful to be
corrected - I've been looking at this because we have a similar set of
requirements. It looks to me as if I would have to make some non-trivial
changes to the IP, UDP and TCP dissectors to be able to choose dissectors based
on more complex filters (not to mention having to make extensions to
the UI). I might have the time to do this, but would have to tread carefully to
avoid breaking this (rather central) functionality, and anything I do won't be
available for a couple of months.
Cheers
Doug
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
Sent: 13 December 2006 15:53
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Protocol development
Hi, our requirement is as follows:
The packets are sent from the application to a particular
multicast IP address.
Now we want Ethereal to capture these packets from the network.
So as I have observed, for the implementation of a protocol, a dissector
has to be registered with a port. But I really don't know how they are
getting the packets capturing at the IP layer. I mean I don't know how Ethereal
recognizes the IP address on which it has to capture the IP
packets. Please, anyone, tell me how this can be done. Because we are
supposed to implement our protocol for a particular multicast address and a
particular UDP port.
Regards
Prashanth
sebastien@xxxxxxxxx wrote:
Hi,
You can't as you said "register a protocol for an IP address" ... but you can
register a plugin which will dissect your protocol.
If you only want the dissection for a particular IP address, Wireshark allows
you to create a filter (capture or display).
For a plugin implementation in Wireshark, see the documentation:
http://www.wireshark.org/docs/wsdg_html_chunked/
Regards,
Sebastien Tandel
According to prashanth joshi:
> Hi all,
> We are required to develop a protocol on ethereal. The packets are sent to
> a particular ip address and the ethereal is supposed to capture packets from
> that ip address. Please any one tell me how to register our protocol for that
> ip address.
> Regards,
> Prashanth.
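The approach discussed in this thread (register the dissector on the UDP port and narrow by IP address separately), as an added example that is not part of the original messages or of Wireshark's own code. It goes one step beyond the thread by having the dissector itself decline packets not addressed to the multicast group; the protocol name `myproto`, the group `239.1.2.3` and port `5000` are placeholder assumptions.

```lua
-- Added example: all names and values below are placeholders, not from the thread.
local GROUP    = Address.ip("239.1.2.3")  -- assumed multicast destination
local UDP_PORT = 5000                     -- assumed UDP port

local myproto   = Proto("myproto", "Example Multicast Protocol")
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields  = { f_payload }

function myproto.dissector(tvb, pinfo, tree)
    -- The UDP dissector handed us this packet purely on its port number.
    -- Decline anything not sent to our multicast group, so unrelated
    -- traffic on the same port is left as undissected data.
    if pinfo.dst ~= GROUP then
        return 0  -- 0 bytes consumed: this dissector declined the packet
    end
    if tvb:len() == 0 then
        return 0
    end

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, tvb(), "Example Multicast Protocol")
    subtree:add(f_payload, tvb())
    return tvb:len()
end

-- Registration is keyed on the UDP port only; the "udp.port" table has
-- no notion of IP address, which is the limitation described above.
DissectorTable.get("udp.port"):add(UDP_PORT, myproto)

-- The same narrowing done with filters instead of inside the dissector:
--   capture filter: udp port 5000 and dst host 239.1.2.3
--   display filter: ip.dst == 239.1.2.3 && udp.port == 5000
```

The script can be loaded with `wireshark -X lua_script:myproto.lua`, where the file name is also an assumption.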