nimalan wrote:
> I am developing a dissector for a protocol working on
> top of the UDP protocol. It would be just enough for me to
> use the "decode as" function for UDP packets as "my
> protocol". But after writing the dissector and
> modifying the Makefiles, my protocol name is
> available in the enabled protocols list but not in the
> decode as protocol list.
Your dissector has to have something like:
dissector_add_handle("udp.port", rtp_handle);
or:
dissector_add("udp.port", UDP_PORT_SIP, sip_handle);
in the proto_reg_handoff_XXX in order to get an entry in the
Decode As.. protocol list when selecting a UDP packet.
Use the second alternative if there is a normal default port number or well-known port number for the protocol.
Your dissector has to have something like:
dissector_add_handle("tcp.port", h245_handle);
or:
dissector_add("tcp.port", tcp_port, t38_tcp_handle);
in the proto_reg_handoff_XXX in order to get an entry in the
Decode As.. protocol list when selecting a TCP packet.
Look at some existing dissectors (packet-sip.c, packet-rtp.c, packet-t38, ...) for an example of how to do this.
I think that README.developer should contain some example as well.
> I would be grateful if
> someone could tell me how to do it. (I guess this
> information is not in readme.developer) Also if there
> is any cook book for writing dissectors do specify.
The README.developer combined with looking at some existing dissectors for similar
protocols is the way I started.
Then there are some other README documents for some other specific things.
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/doc/
Ulf Lamping has started to write a developer guide.
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/docbook/
I don't know about the status for that document.
The Syngress book "Ethereal Packet Sniffing" has one chapter called "Developing Ethereal".
If I remember correctly it was not giving so much more information than what you can
find in README.developer.
http://www.ethereal.com/news/item_20040302_01.html
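
Added example, not part of the original message and not Ethereal source: a stand-alone C model of a port-keyed dissector table such as "udp.port", showing why a handle that is never registered in proto_reg_handoff_XXX does not appear under Decode As, and how the two calls above differ. All `model_` names, the MYPROTO handle and the sample ports are hypothetical and constructed for illustration.

```c
/* Simplified model of an Ethereal dissector table keyed by port.
 * model_add_handle() stands in for dissector_add_handle() and
 * model_add() for dissector_add(); neither is the real implementation. */
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 16
typedef struct { const char *name; } model_handle;
typedef struct {
    unsigned port[MAX_ENTRIES];                 /* default port numbers   */
    const model_handle *by_port[MAX_ENTRIES];   /* handle bound to a port */
    const model_handle *decode_as[MAX_ENTRIES]; /* Decode As candidates   */
    int n_ports, n_decode_as;
} model_table;

/* Lists the handle as a Decode As candidate without binding any port. */
int model_add_handle(model_table *t, const model_handle *h) {
    for (int i = 0; i < t->n_decode_as; i++)
        if (t->decode_as[i] == h) return 0;     /* already listed */
    if (t->n_decode_as == MAX_ENTRIES) return -1;
    t->decode_as[t->n_decode_as++] = h;
    return 0;
}

/* Binds a default port to the handle and also lists it for Decode As. */
int model_add(model_table *t, unsigned port, const model_handle *h) {
    if (t->n_ports == MAX_ENTRIES) return -1;
    t->port[t->n_ports] = port;
    t->by_port[t->n_ports++] = h;
    return model_add_handle(t, h);
}

/* Dissector chosen by default for a port; NULL means undissected data. */
const model_handle *model_lookup(const model_table *t, unsigned port) {
    for (int i = 0; i < t->n_ports; i++)
        if (t->port[i] == port) return t->by_port[i];
    return NULL;
}

/* 1 if the named protocol would be offered under Decode As, else 0. */
int model_in_decode_as(const model_table *t, const char *name) {
    for (int i = 0; i < t->n_decode_as; i++)
        if (strcmp(t->decode_as[i]->name, name) == 0) return 1;
    return 0;
}

int main(void) {
    model_table udp = {0};                      /* models "udp.port" */
    model_handle sip = {"SIP"}, rtp = {"RTP"};  /* constructed sample */
    model_add(&udp, 5060, &sip);    /* well-known port: second form     */
    model_add_handle(&udp, &rtp);   /* no default port: first form      */
    printf("SIP:%d RTP:%d MYPROTO:%d\n", model_in_decode_as(&udp, "SIP"),
           model_in_decode_as(&udp, "RTP"), model_in_decode_as(&udp, "MYPROTO"));
    return 0;
}
```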