Ethereal-dev: Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Tue, 24 Jun 2003 13:02:46 -0400

Hi Navin,

Wow, definitely interesting...

I have occasionally contemplated how it would be possible to use
Ethereal to dissect messages from our SS7 stack.  I had always figured
I'd have to write a fake link layer, but I never thought it'd be so easy
(at least in terms of lines of code)!

Stupid question: what do the source and destination columns say when
dissecting things over this fake link layer?

I'll play around with this and let you know what I think--but I suspect
it's exactly what I've been looking for! (BTW, I get MTP2 and higher, so I'll likely add another fake link type for that.)

Regards,
-Jeff

Navin Anand wrote:
Hello,

My SS7 application provides me with a protocol packet dump at each layer (without the underlying protocol headers), e.g. SCCP alone without MTP3, MTP2, etc.

I wanted an analyzer which could read these packets. For this I have modified Ethereal to suit my requirements.

If you think it is a worthwhile feature, I would like to contribute this.

Yours truly,
Navin Anand.

The list of new files is:
faketypes.h
packet-fakelink.c
packet-fakelink.h

The modified files are:
libpcap.c
407,413d406
<
<       /*
<        * 20 Added for the fake link type, required to dissect packets
<        * containing higher layer protocol payload without the lower layer
<        * protocol headers, e.g. pure TCP data without underlying IP.
<        */
<       { 20,           WTAP_ENCAP_FAKE_LINK },
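
Review bot: The `{ 20, WTAP_ENCAP_FAKE_LINK }` entry hard-codes pcap link-layer type 20, and nothing in this hunk shows that 20 is unassigned. If a platform or libpcap version already uses 20 for another link type, those captures would be handed to the fake-link dissector and its subdissectors as if they were header-less payloads. Please use a value reserved for this purpose (or request one from the libpcap maintainers) and state in the comment where it comes from. Separately, the hunk reads `407,413d406` with `<` lines although the comment says the lines are added, so the libpcap.c diff appears to run in the opposite direction from the other files; regenerating it old-to-new would let it apply.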


packet-mtp3.c (as an e.g.)
 > #include "faketypes.h"
 >
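
Review bot: The two `>` lines adding `#include "faketypes.h"` have no line-range header above them (compare `50a51,52` in the packet-sccp.c diff), so this hunk cannot be applied as posted. Please regenerate the packet-mtp3.c diff so the include hunk carries its position.
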
494a497,498
 >       dissector_handle_t mtp3_handle;
 >
495a500,502
 >
 >       mtp3_handle = create_dissector_handle(dissect_mtp3, proto_mtp3);
 >       dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle);
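
Review bot: In the `495a500,502` hunk, `dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle)` relies on a "fakelink.type" dissector table that is not part of the posted diffs, and the hunk does not show which function these lines land in. They need to sit in the handoff routine rather than the protocol registration routine so that the table exists when the add runs. A short comment saying what FAKETYPE_MTP3 selects would help readers who have not seen faketypes.h, which is listed as a new file but not included here.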

packet-sccp.c (as an e.g.)
50a51,52
 > #include "faketypes.h"
 >
2277a2280,2281
 >
 >       dissector_add("fakelink.type", FAKETYPE_SCCP, sccp_handle);

wtap.h
129a130
 > #define WTAP_ENCAP_FAKE_LINK                  38
132c133
< #define WTAP_NUM_ENCAP_TYPES                  38
---
> #define WTAP_NUM_ENCAP_TYPES 39
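
Review bot: Bumping `WTAP_NUM_ENCAP_TYPES` to 39 for the new `WTAP_ENCAP_FAKE_LINK` (38) has no companion change in the list of modified files for the code that maps encapsulation values to names. If wiretap keeps a name table sized by `WTAP_NUM_ENCAP_TYPES`, the new slot would be left empty and any lookup of the type's name or short name would return nothing useful. Please add the matching table entry in the same patch, and keep the value column of the changed `#define` aligned with the lines around it.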