Wireshark-dev: Re: [Wireshark-dev] Need help about subprotocol
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Sun, 28 Jan 2007 02:59:36 +0100
On 1/27/07, Bingyao Du <dubingyao@xxxxxxxxx> wrote:
> Hi Amit
>
> My problem is there are too many fields in only one protocol. So, I want to
> split the packet into two independent dissectors. I attached it:)

Trust me they are not that many... take a look at packet-alcap.c (just
one example and see it yourself)


> Steve,
>
> I do it as you said. But the problem is there are too many fields. I think
> it's better to split it into two protocols. Attached the C file. The problem
> troubles me for many days. Wow...
>
> Best regards
>
> -Bingyao
>
>
> 2007/1/27, Stephen Fisher <stephentfisher@xxxxxxxxx>:
> > On Sat, Jan 27, 2007 at 01:06:19AM +0800, Bingyao Du wrote:
> >
> > > The protocol I'm dissecting has a "header" portion, that contains a
> > > "type field", and then a payload with different format for each type.
> > > The Header portion contains several fields.
> > >
> > > I think it's better to display the packet with two dissectors, just
> > > looks like IP dissector and TCP dissector. What should I do? Or could
> > > you send me an example or demo? Thanks very much.
> >
> > The best/easiest way to do it is within the same dissector.  A dissector
> > you can use as an example is packet-wlccp.c.  The only difference is
> > that the version (akin to your type) field is at the beginning of the
> > packet, but that doesn't make a difference in how it's implemented.
> > Line 205 gets the version (type in your case) and line 208 checks if the
> > type is 0x0 and displays fields based on that version.  Line 231 checks
> > if the version is instead 0xC1 and displays fields based on that
> > version.
> >
> >
> > Steve



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
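
The single-dissector approach from Stephen Fisher's quoted reply (read the type from the header, then branch on it for the payload fields), as an added example that is not part of the thread and not Wireshark code. Plain C stands in for the tvbuff/proto_tree API, and the header layout, type values and all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire layout (constructed, not from the thread):
 *   header: version(1) type(1) payload_len(2, big endian)
 *   HELLO payload: session_id(4)   STATUS payload: status(1) reason(2) */
enum { HDR_LEN = 4, TYPE_HELLO = 0x01, TYPE_STATUS = 0x02 };
typedef struct {
    uint8_t  version, type, status;   /* status: STATUS only */
    uint16_t payload_len, reason;     /* reason: STATUS only */
    uint32_t session_id;              /* HELLO only */
} pdu_t;

/* Header and payload in one routine. Returns bytes consumed, -1 if malformed. */
int dissect_pdu(const uint8_t *buf, size_t len, pdu_t *out)
{
    *out = (pdu_t){0};
    if (len < HDR_LEN) return -1;
    out->version = buf[0]; out->type = buf[1];
    out->payload_len = (uint16_t)((buf[2] << 8) | buf[3]);
    /* The length field comes off the wire: check it against the captured bytes. */
    if (out->payload_len > len - HDR_LEN) return -1;
    const uint8_t *p = buf + HDR_LEN;
    switch (out->type) {              /* dispatch on the header's type field */
    case TYPE_HELLO:
        if (out->payload_len != 4) return -1;
        out->session_id = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                          ((uint32_t)p[2] << 8) | p[3];
        break;
    case TYPE_STATUS:
        if (out->payload_len != 3) return -1;
        out->status = p[0];
        out->reason = (uint16_t)((p[1] << 8) | p[2]);
        break;
    default: break;                   /* unknown type: payload stays opaque */
    }
    return HDR_LEN + out->payload_len;
}

/* Constructed sample packets. */
const uint8_t SAMPLE_HELLO[]  = {0x01, 0x01, 0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF};
const uint8_t SAMPLE_STATUS[] = {0x01, 0x02, 0x00, 0x03, 0x07, 0x01, 0x2C};
int main(void)
{
    pdu_t d;
    printf("hello=%d truncated=%d\n", dissect_pdu(SAMPLE_HELLO, 8, &d), dissect_pdu(SAMPLE_HELLO, 6, &d));
    return 0;
}
```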