Wireshark-dev: [Wireshark-dev] Newbie - How to "hook into" wireshark
From: "John Jamulla" <jjamulla@xxxxxxxxxxx>
Date: Tue, 13 Feb 2007 07:10:21 -0500
Hello,
 
I'm new to wireshark development and have read the README.developer only 1 time so far. *smile*
I've finally got a development environment with MS VC++ 6 and cygwin working, and I've built wireshark and have it running from the source, I then built a "dissector" with very little/nothing in it, and I can see it in the "enable dissectors" list, but I can't seem to select it to "force" a packet to be dissected with it, etc. So, with my (non-plug-in) dissector, I have a build that works correctly it appears, but my dissector doesn't yet do anything useful.
 
Now before I do anything useful with it, I wanted to see it at least get "hooked into" wireshark so it'll be called when appropriate.
I'm trying to figure out exactly how to get an existing dissector (is that an upper or lower one??, and I'm not sure exactly one would call my dissector(s)) to call a new dissector I'm going to write (maybe it's really called a sub-dissector?). Actually, I have a few different ones I need to write, and so I need to have "hooks" in for a few different cases.
 
Here's the cases:
a) I have a "protocol" that has a 0x6100 in the "ethertype" field of an Ethernet packet. How do I get one of the dissectors to call mine if it sees this in the packet?
I also have 2 more "protocols" that are similar with 0x6101 and 0x6102 in that field.
I don't have the capture file in front of me to be more specific.
 
b) I have a set of messages that are IP/UDP, and they have specific information in the first few bytes of the "data" part of a UDP packet. How do I "hook in" my dissector for this case?
 
Any help is greatly appreciated.