Hi Lukas,
Lukas Haas wrote:
> i have implemented a sniffer in an fpga that captures the data packets
> on a RS-485 token network, packs them into ethernet packets, and sends
> them to a workstation. my idea now is to write a plugin for wireshark
> that analyzes these packets. i have already downloaded c++ compiler,
> wireshark source code, and anything else (like explained in the
> developer guide) and managed to build wireshark. but i'm struggling
> with my own dissector and need someone's help.
>
> according to chapter 9.2 (Adding a basic dissector) in this guide or
> chapter 1.2 (Skeleton code) in the README file, the dissector has to be
> associated with some parent subfield (in the example this is
> "udp.port"). i'm sending raw ethernet packets (no TCP/IP or UDP
> protocol and therefore no ports), so how do i have to use the
> dissector_add() function? i couldn't find a manual to all these
> functions and hope that someone has experience in writing a plugin for
> a "user protocol"
I was dealing with dissectors a long time ago, but maybe this is a hint for
you: have a look at the wireshark/epan/dissectors/packet-eth*.{c,h} files as
an example. The packet-eth.c registers itself to the low level "wtap_encap".
Then have a look at wiretap/wtap.h where the different WTAP_ENCAP_* constants
are defined.
Also note that you may use the Lua language to write your dissector:
http://www.wireshark.org/docs/wsug_html_chunked/wsluarm.html
http://www.wireshark.org/docs/wsug_html_chunked/wslua_dissector_example.html
Hope this helps somewhat.
Márton Németh
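
Added example (not part of the reply above and not taken from the Wireshark sources): a Lua dissector for frames that already arrive as Ethernet, hooked into the "ethertype" dissector table that the Ethernet dissector uses to hand off its payload, rather than "udp.port" or "wtap_encap". The EtherType 0x88B5 (IEEE local experimental), the 3-byte header layout and all "rs485sniff" names are assumptions for illustration; substitute what the FPGA actually emits.

```lua
-- Hypothetical payload layout, assumed for this example only:
--   byte 0      station address on the RS-485 bus
--   bytes 1..2  number of captured RS-485 bytes (big-endian)
--   bytes 3..   captured RS-485 bytes
local rs485 = Proto("rs485sniff", "RS-485 Sniffer Capture")

local f_addr = ProtoField.uint8("rs485sniff.addr", "Station address", base.HEX)
local f_len  = ProtoField.uint16("rs485sniff.len", "Captured length", base.DEC)
local f_data = ProtoField.bytes("rs485sniff.data", "Captured bytes")
rs485.fields = { f_addr, f_len, f_data }

local HEADER_LEN = 3

function rs485.dissector(tvb, pinfo, tree)
    -- Too short to hold the header: return 0 so the frame is shown as plain data.
    if tvb:len() < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "RS485"
    local subtree = tree:add(rs485, tvb())
    subtree:add(f_addr, tvb(0, 1))
    local len_item = subtree:add(f_len, tvb(1, 2))

    -- Ethernet pads short frames to the minimum frame size, so trust the
    -- explicit length field, but never read past the bytes actually captured.
    local claimed = tvb(1, 2):uint()
    local avail = tvb:len() - HEADER_LEN
    if claimed > avail then
        len_item:add_expert_info(PI_MALFORMED, PI_ERROR,
            "Length field exceeds captured data")
        claimed = avail
    end
    if claimed > 0 then
        subtree:add(f_data, tvb(HEADER_LEN, claimed))
    end
    pinfo.cols.info:set(string.format("Station 0x%02x, %d bytes",
        tvb(0, 1):uint(), claimed))
    return HEADER_LEN + claimed
end

-- The Ethernet dissector looks up the frame's EtherType in this table.
-- 0x88B5 is an assumed value; use the EtherType the sniffer really sends.
DissectorTable.get("ethertype"):add(0x88B5, rs485)
```

The C equivalent of the last line is a dissector_add_uint() call on the same "ethertype" table from the plugin's handoff routine.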