Hi, all
I am developing a dissector to show the details of the trailer.
The trailer is added to any other layer 4 or above protocol; for example, the
trailer can be added to UDP or HTTP or ICMP.
Following is the format of the packet.
There are at least two trailer fields: magic, TTL, … (TTL
in the trailer is the TTL in IP.)
My questions are:
1. How do I instruct Wireshark to hand off the packet to my dissector? Using the magic number, TTL, or what? The trailer is at the end of the packet; how do I dissect the trailer (since so far, without the trailer dissector, it shows "data xxxxxxxxx…." at the end of the layer 4 or above protocol)?
2. How does Wireshark know where my trailer starts in a packet? Using the "total length" of IP, or what?
3. Are trailer fields defined the same way as header fields?
4. Are there any examples which also dissect a trailer?
Thanks
John
 * |                            …………………                            |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------
 * |                               ~                               |
 * |                      Original IP Header                       | IP
 * |                               ~                               |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------
 * |                               ~                               |
 * |                      Original IP payload                      | L4 and
 * |                               ~                               | Above
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------
 * |    Magic    |    …    |    TTL    ……                          | trailer
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------