|
IMO it's well worth
going the extra mile and:
10. Read
Readme-plugins
11. Convert your
dissector to a plug-in
There's a fair
amount of debugging to be done there as well, but you can then keep
upgrading/reinstalling Ethereal without having to build your own version each
time. Don't try to go straight to a plug-in, the conversion is easy and the bug
list is easier to control if you do it in two steps.
--
Richard Urwin,
Private
"No 9000 series computer has ever made a mitsake or
corrubiteddatatato."
Never
having created a dissector, this is how I would go about it (in my own hacker
way!)
1.
Grab the source tree. 0.9.7 is the current release
2.
There is some documentation in there on how ethereal is put together. Failing
that....
3.
Pick a currently dissected protocol, say IGMP, and do a grep/find/ etc to find
the relevant dissector code. (Hint usually they are named packet-xxx.c, in this
case packet-igmp.c)
4.
Copy this dissector to yours - packet-peveeprotocol.c
.
5. Try
to hack the dissector it to make it look like it will decode your registration
packet.
6.
Hack makefile.am to add your dissector.
7. Run "make" to hopefully
compile your dissector, create the hooks into "register.c" etc, and link your
dissector into ethereal.
8. With a long stick type "ethereal" and watch
it all blow up. Then go to step 5 :-)
9. If
it runs try it on your packet. Likely you will need to go back to step 5 again
:-)
There
are probably a few bits missing here, but hopefully this will give an idea of
where to start (at least until someone who has done this
replies!)
(I
always find "grep -r" and using "tags" with vi, are my best friend when it
comes to hacking someone elses code!!!)
Martin
Visser
Network
Consultant
Technology & Infrastructure - Consulting &
Integration
COMPAQ, part of the new HP
3 Richardson Place
North Ryde, Sydney NSW 2113,
Australia
Phone (:
+61-2-9022-1670
Mobile È: +61-411-254-513
Fax 7: +61-2-9022-1800 E-mail + : martin.visserAThp.com
p/s: Ronnie suggested I post the message here...I
could be getting more help :)...Thank you
Hi,
I am not sure if dissecting is the correct word
to use. (could be
decoding new packet)
(1) I have created a
Regustration Packet which have its own format.
(2) How can I write a code
so that ETHEREAL will well recognise it and
decode it
Hope to hear
from you all soon...
Thank you
Warm regards,
Calvin
Kaiwen
_____________________________________________________________________
This
e-mail has been scanned for viruses by the WorldCom Internet Managed Scanning
Service - powered by MessageLabs. For further information visit
http://www.worldcom.com
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________
| 
