Wireshark-dev: Re: [Wireshark-dev] compiling dissector plugin
From: Christopher Maynard <Chris.Maynard@xxxxxxxxx>
Date: Mon, 8 Nov 2010 18:25:25 +0000 (UTC)
Lange Jan-Erik <Jan-Erik.Lange@...> writes:

> Ok, before I go further I have to clarify some things. I want to implement a
> protocol that is not Ethernet compliant. As I see it, you can tell Wireshark to
> use a certain dissector for a certain protocol and port by the function
> 	dissector_add("udp.port", FOO_PORT, foo_handle);
>
> How can I implement a dissector for a non-Ethernet-compliant protocol?

dissector_add() is used for more than just UDP.  In fact, many dissectors
register their ethertypes using dissector_add("ethertype", ETHERTYPE_FOO,
foo_handle);  You will likely need to register similarly with whatever protocol
yours is encapsulated in.

Alternatively, you might use heur_dissector_add() if yours is a heuristic-based
dissector, in other words if there's no definitive way for the protocol carrying
your traffic to know for certain if the traffic is yours or not.  Read more
about heuristic dissectors in doc/README.heuristic.
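
Added example, not part of the original message and not Wireshark code: the accept/reject test that a heuristic dissector has to make before claiming a payload, written as plain C over a byte buffer. The FOO header layout, the function name and the sample payloads are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical FOO header (assumed for this example, not from the thread):
 *   bytes 0-1  magic 0x46 0x4F
 *   byte  2    version, only 1 is defined
 *   byte  3    message type, 1..3
 *   bytes 4-5  payload length, big-endian, must equal the bytes that follow */
#define FOO_HDR_LEN 6

/* Returns 1 to claim the payload, 0 to let other dissectors try it. */
int foo_heuristic_match(const uint8_t *buf, size_t len)
{
    size_t payload_len;

    if (buf == NULL || len < FOO_HDR_LEN)   /* never read past the captured data */
        return 0;
    if (buf[0] != 0x46 || buf[1] != 0x4F)   /* magic */
        return 0;
    if (buf[2] != 1)                        /* version */
        return 0;
    if (buf[3] < 1 || buf[3] > 3)           /* message type range */
        return 0;
    payload_len = ((size_t)buf[4] << 8) | buf[5];
    if (payload_len != len - FOO_HDR_LEN)   /* length field must be consistent */
        return 0;
    return 1;
}

/* Constructed sample payloads. */
static const uint8_t sample_ok[]     = {0x46, 0x4F, 0x01, 0x02, 0x00, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t sample_short[]  = {0x46, 0x4F, 0x01};
static const uint8_t sample_badlen[] = {0x46, 0x4F, 0x01, 0x02, 0x00, 0x09, 0xAA};
static const uint8_t sample_other[]  = {0x47, 0x45, 0x54, 0x20, 0x2F, 0x20};

int main(void)
{
    printf("ok=%d short=%d badlen=%d other=%d\n",
           foo_heuristic_match(sample_ok, sizeof sample_ok),
           foo_heuristic_match(sample_short, sizeof sample_short),
           foo_heuristic_match(sample_badlen, sizeof sample_badlen),
           foo_heuristic_match(sample_other, sizeof sample_other));
    return 0;
}
```

Each check is cheap and the length test comes first, so a short or foreign payload is rejected without reading beyond the buffer.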