Ethereal-dev: Re: [Ethereal-dev] Can we decode hex dumps?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ashok Narayanan <ashokn@xxxxxxxxx>
Date: Thu, 26 Apr 2001 19:13:21 -0400
I am somewhat enamored with the fake header idea. Inserting fake L2 and L3
headers allows us to do this for every protocol; we don't have to go and
modify all the protocol dissectors. I'm sure many of them are looking at
*pinfo.

I am also somewhat unwilling to implement a method which requires the user to
manually edit the file; I would stay away from it unless nothing else is
possible. Currently I have written a Lex parser that allows the user to insert
#WIRETAP directives at the head of the file; this could be used to specify the
protocol, and also fake headers to insert.

Another option is not to put this in wiretap, but rather to have a menu option
directly in Ethereal which allows the user to "Import hex dump". When the user
selects this, he sees a dialog wherein he can specify the protocol and layer,
and fake headers are automatically added as required.

-Ashok

On Thu, 26 Apr 2001 16:55:57 -0500, "Gilbert Ramirez" <gram@xxxxxxxxxx> wrote:

> The same way that the hexdump decoder knows anything about the
> encapsulation type of the packet --- it would have to be marked as such
> in the hex dump via manual editing.
> 
> --gilbert
> 
> ----- Original Message -----
> From: "Ashok Narayanan" <ashokn@xxxxxxxxx>
> To: "Gilbert Ramirez" <gram@xxxxxxxxxx>
> Cc: <ethereal-dev@xxxxxxxxxxxx>
> Sent: Thursday, April 26, 2001 4:17 PM
> Subject: Re: [Ethereal-dev] Can we decode hex dumps?
> 
> 
> >
> > Yeah, but how does the hexdump decoder know that the packet is RSVP? Or, if a
> > protocol registers itself with an encap, can we then select it directly from
> > the "decode as" menu?
> >
> > -Asho
> >
> > On Thu, 26 Apr 2001 16:12:06 -0500, "Gilbert Ramirez" <gram@xxxxxxxxxx> wrote:
> >
> > >
> > > ----- Original Message -----
> > > From: "Ashok Narayanan" <ashokn@xxxxxxxxx>
> > > To: "Gilbert Ramirez" <gram@xxxxxxxxxx>
> > > Cc: <ethereal-dev@xxxxxxxxxxxx>
> > > Sent: Thursday, April 26, 2001 3:28 PM
> > > Subject: Re: [Ethereal-dev] Can we decode hex dumps?
> > >
> > >
> > > >
> > > > Another question: Is it possible to directly give a packet to Layer 3 or even
> > > > to a protocol? I'm thinking of a scenario where I have got a hex dump of a
> > >
> > > > Thoughts? Alternatives?
> > >
> > > Provide a WTAP_ENCAP_* type for every protocol, and have every
> > > protocol register themselves with the "wtap_encap" dissector.
> > > In your example, wiretap would return encapsulation type
> > > WTAP_ENCAP_RSVP, and the rsvp dissector would have
> > > registered itself with the wtap_encap dissector table.
> > >
> > > --gilbert
> >
> >
> >
> >
> >
> > --- Asok the Intern ----------------------------------------
> > Ashok Narayanan
> > IOS Network Protocols, Cisco Systems
> > 250 Apollo Drive, Chelmsford, MA 01824
> > Ph: 978-244-8387.  Fax: 978-244-8126 (Attn: Ashok Narayanan)
> >
--- Asok the Intern ----------------------------------------
Ashok Narayanan
IOS Network Protocols, Cisco Systems
250 Apollo Drive, Chelmsford, MA 01824
Ph: 978-244-8387.  Fax: 978-244-8126 (Attn: Ashok Narayanan)
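
The fake L2/L3 header approach discussed in this message, sketched as an added example (not code from the thread or from Ethereal): it parses a hex dump holding only RSVP bytes, prepends dummy Ethernet and IPv4 headers, and wraps the frame in a pcap file that an unmodified dissector chain can read. The dump layout, function names, MAC/IP addresses and sample bytes are assumptions constructed for illustration.

```python
import struct

RSVP_IP_PROTO = 46  # IANA protocol number for RSVP

# Constructed sample: an 8-byte RSVP common header (Path message), checksum left zero.
SAMPLE_DUMP = """\
# layer-4 bytes only, no L2/L3 headers
0000  10 01 00 00 40 00 00 08
"""

def parse_hex_dump(text):
    """Parse 'offset  hh hh ...' lines into bytes; '#' lines are comments."""
    out = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if int(fields[0], 16) != len(out):
            raise ValueError("offset %s does not match bytes read so far" % fields[0])
        for col in fields[1:]:
            if len(col) != 2:
                raise ValueError("expected two hex digits, got %r" % col)
            out.append(int(col, 16))
    return bytes(out)

def ip_checksum(header):
    """One's-complement sum of 16-bit words (RFC 1071)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def add_fake_headers(payload, ip_proto):
    """Prepend dummy Ethernet II and IPv4 headers so a stock L2 dissector chain applies."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # documentation range
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, ip_proto, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in header checksum
    return eth + ip + payload

def to_pcap(frame):
    """Wrap one frame in a classic little-endian pcap file, link type 1 (Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    frame = add_fake_headers(parse_hex_dump(SAMPLE_DUMP), RSVP_IP_PROTO)
    with open("rsvp_from_hexdump.pcap", "wb") as fh:
        fh.write(to_pcap(frame))
```

The offset check in `parse_hex_dump` rejects dumps with missing or reordered lines rather than silently producing a shifted payload.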