Wireshark-dev: [Wireshark-dev] Dissector for User Protocol
From: Lukas Haas <luhaas@xxxxxxxxxx>
Date: Fri, 07 Nov 2008 15:25:28 +0100
I have implemented a sniffer in an FPGA that captures the data packets on an RS-485 token network, packs them into Ethernet packets, and sends them to a workstation. My idea now is to write a plugin for Wireshark that analyzes these packets. I have already downloaded a C++ compiler, the Wireshark source code, and everything else (as explained in the developer guide) and managed to build Wireshark, but I'm struggling with my own dissector and need someone's help.

According to chapter 9.2 (Adding a basic dissector) in this guide or chapter 1.2 (Skeleton code) in the README file, the dissector has to be associated with some parent subfield (in the example this is "udp.port"). I'm sending raw Ethernet packets (no TCP/IP or UDP protocol and therefore no ports), so how do I have to use the dissector_add() function? I couldn't find a manual for all these functions and hope that someone has experience in writing a plugin for a "user protocol".

Thanks for the help,
Lukas

P.S.
Maybe it helps to give you my Ethernet frame format:
6 bytes dest. address
6 bytes source address
2 bytes length
19 bytes data
27 bytes 0x00 (so that the ethernet frame is large enough)
4 bytes FCS
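A worked example, added here and not part of the original post or of Wireshark's sources: the parsing that a dissector for the frame layout above has to do, written as a stand-alone C program so the logic can be tested outside Wireshark. The sample frame is constructed in the code (it is not a capture from the FPGA), and the address and payload bytes are arbitrary. Two points a practitioner should keep in mind when moving this into a real dissector: Wireshark's Ethernet dissector treats a 2-byte type/length value of 1500 or less as an IEEE 802.3 length and hands the payload to the LLC dissector, whereas values of 0x0600 and above are EtherTypes looked up in the "ethertype" dissector table (`dissector_add("ethertype", <value>, handle)` in the 2008-era API, `dissector_add_uint` in current Wireshark; 0x88B5 and 0x88B6 are reserved for local experimental use), so a plugin keyed on an EtherType needs the FPGA to put such a value in those two bytes. Second, most network cards strip the FCS before the frame reaches the capture, so Wireshark normally does not see the trailing 4 bytes unless the capture link or the "assume packets have FCS" preference says otherwise; the FCS check below is what applies when the capture does include them.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Frame layout from the post (sizes in bytes). */
#define ETH_ADDR_LEN  6
#define LEN_FIELD_LEN 2
#define PAYLOAD_LEN   19
#define PAD_LEN       27
#define FCS_LEN       4
#define FRAME_LEN (2 * ETH_ADDR_LEN + LEN_FIELD_LEN + PAYLOAD_LEN + PAD_LEN + FCS_LEN) /* 64 */

typedef struct {
    uint8_t        dst[ETH_ADDR_LEN];
    uint8_t        src[ETH_ADDR_LEN];
    uint16_t       length;     /* 2-byte length field, big-endian on the wire */
    const uint8_t *payload;    /* points into the caller's buffer */
    int            length_ok;  /* length field equals the 19-byte payload size */
    int            pad_ok;     /* all 27 padding bytes are 0x00 */
    int            fcs_ok;     /* trailing CRC-32 matches the frame contents */
} rs485_frame_t;

/* Ethernet FCS: CRC-32 (IEEE 802.3), reflected, polynomial 0xEDB88320,
 * init 0xFFFFFFFF, final XOR 0xFFFFFFFF, sent least-significant byte first. */
uint32_t crc32_ieee(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1u) ? (crc >> 1) ^ 0xEDB88320u : (crc >> 1);
    }
    return ~crc;
}

/* Standard check value: CRC-32 of "123456789" is 0xCBF43926. */
int crc32_selftest(void) {
    return crc32_ieee((const uint8_t *)"123456789", 9) == 0xCBF43926u;
}

/* Dissect one frame. Returns 0 if the buffer holds a complete frame,
 * -1 if it is too short. Field validity is reported in *out. */
int dissect_rs485_frame(const uint8_t *buf, size_t buflen, rs485_frame_t *out) {
    if (buflen < FRAME_LEN) return -1;
    const uint8_t *p = buf;
    memcpy(out->dst, p, ETH_ADDR_LEN); p += ETH_ADDR_LEN;
    memcpy(out->src, p, ETH_ADDR_LEN); p += ETH_ADDR_LEN;
    out->length = (uint16_t)((p[0] << 8) | p[1]); p += LEN_FIELD_LEN;
    out->payload = p;                              p += PAYLOAD_LEN;
    out->length_ok = (out->length == PAYLOAD_LEN);
    out->pad_ok = 1;
    for (size_t i = 0; i < PAD_LEN; i++)
        if (p[i] != 0x00) { out->pad_ok = 0; break; }
    p += PAD_LEN;
    uint32_t wire_fcs = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                        ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    out->fcs_ok = (crc32_ieee(buf, FRAME_LEN - FCS_LEN) == wire_fcs);
    return 0;
}

/* Build a constructed sample frame (not captured data) in the post's layout
 * with a valid FCS. Returns the frame length. */
size_t build_sample_frame(uint8_t *frame) {
    static const uint8_t dst[ETH_ADDR_LEN] = {0x01,0x00,0x5e,0x00,0x00,0x01};
    static const uint8_t src[ETH_ADDR_LEN] = {0x02,0x00,0x00,0x00,0x00,0x42};
    memset(frame, 0, FRAME_LEN);
    memcpy(frame, dst, ETH_ADDR_LEN);
    memcpy(frame + 6, src, ETH_ADDR_LEN);
    frame[12] = 0x00; frame[13] = PAYLOAD_LEN;           /* length = 19 */
    for (int i = 0; i < PAYLOAD_LEN; i++) frame[14 + i] = (uint8_t)(0xA0 + i);
    uint32_t fcs = crc32_ieee(frame, FRAME_LEN - FCS_LEN);
    frame[60] = (uint8_t)fcs; frame[61] = (uint8_t)(fcs >> 8);
    frame[62] = (uint8_t)(fcs >> 16); frame[63] = (uint8_t)(fcs >> 24);
    return FRAME_LEN;
}

/* Intact sample frame: every check passes. */
int sample_frame_is_valid(void) {
    uint8_t f[FRAME_LEN]; rs485_frame_t r;
    size_t n = build_sample_frame(f);
    if (dissect_rs485_frame(f, n, &r) != 0) return 0;
    return r.length == PAYLOAD_LEN && r.length_ok && r.pad_ok && r.fcs_ok
           && r.payload[0] == 0xA0 && r.src[5] == 0x42;
}

/* A single flipped payload byte must be caught by the FCS check. */
int corrupted_frame_fails_fcs(void) {
    uint8_t f[FRAME_LEN]; rs485_frame_t r;
    size_t n = build_sample_frame(f);
    f[20] ^= 0x01;
    if (dissect_rs485_frame(f, n, &r) != 0) return 0;
    return r.fcs_ok == 0 && r.length_ok == 1;
}

/* A truncated buffer is rejected instead of being read past its end. */
int short_buffer_is_rejected(void) {
    uint8_t f[FRAME_LEN]; rs485_frame_t r;
    build_sample_frame(f);
    return dissect_rs485_frame(f, FRAME_LEN - 1, &r) == -1;
}

int main(void) {
    printf("crc selftest=%d valid=%d corrupt=%d short=%d\n", crc32_selftest(),
           sample_frame_is_valid(), corrupted_frame_fails_fcs(), short_buffer_is_rejected());
    return 0;
}
```

The length-before-access check in `dissect_rs485_frame` is the part that matters most when the same logic is ported into a Wireshark dissector: the FPGA is an untrusted data source from the workstation's point of view, so every offset must be bounded by the buffer actually received (in Wireshark, by the tvbuff's length) rather than by the layout you expect.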