Wireshark · Ethereal-dev: RE: [Ethereal-dev] following up another dissector after the TCP o ne..

[Lim Dennis-CDL057 <Dennis.Lim@xxxxxxxxxxxx>]

Title: Message

Hi Wasiq,

 

I'm very new to this but I happen to have successfuly coded a simple plugin. So I may know the answers to your query.

 

You can write a plugin and register the port number of the parent protocol (eg tcp.port). Ethereal will detect and use your plugin dissector to decode the lower layer protocol. You can register a 'preferences' variable in the plugin that is configurable. So that means you do not need to hardcode the port number and can change it when you wish.

 

You did mention that the port numbers are dynamic but you didn't mention how the client/server agree on the port number. If it is a number that is agreed upon in advance and configured in the client/server then the 'preferences' method may be suitable. If there is another more dynamic way of determining the port number, then you need to let us know how the port numbers are determined.

 

regards,

Dennis

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Wasiq Nadeem KHAN
Sent: Thursday, May 13, 2004 9:13 PM
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] following up another dissector after the TCP one..

Hi,

I was wondering about something...I have a XDR encoded data that i am providing as a payload to a a protocol say X. Protocol X has its own respective input values provided to its header and the whole protocol is then inserted as payload to a TCP stream

Suppose that if I want to sniff this stream, then Ethereal will use the TCP dissector and show the TCP content. But how does Ethereal know that the next dissector or plugin which it needs to implement is for Protocol X. Even if it is able to find out that the next protocol is protocol X, then again for the payload, it would need another dissector for (initally decoding XDR and) showing the actual data that was transmitted...

I am in a bit of fix here, because unfortunately, there are no specific port numbers that are specified, so I cannot hard core in TCP to look for a certain port number and then handover to another dissector. Also, TCP itself does not give any way within itself (in its header) to identify some type of value so that it can be looked at and accordingly a subtree of the dissector X can be created. Once this is done, using the dissector for the XDR data would not be a problem , cause i can hardcore it in the same dissector as for protocol X.

I hope someone out there can help me out there...cause i really cannot see how Ethereal can be configured to sniff packets relating to my protocol X on the TCP stream.In case i have not been able to clear my point, I would be more than happy to clearify, but as i dont have a lot of experience in ethereal development, i am a little lost at this...

THanks in advance,

Wasiq

---

Do you Yahoo!?
Yahoo! Movies - Buy advance tickets for 'Shrek 2'