Hi Nan,
you can easily register to a MAC address or any other byte in a frame by using a heuristic dissector.

Register the dissector:

    heur_dissector_add("eth", dissect_foo_heur, proto_foo);

Use this dissector function:

    static gboolean dissect_foo_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    {
        /* check if destination MAC equals 01:02:03:04:05:06 */
        if ((tvb_get_guint8(tvb, 0) == 0x01) &&
            (tvb_get_guint8(tvb, 1) == 0x02) &&
            (tvb_get_guint8(tvb, 2) == 0x03) &&
            (tvb_get_guint8(tvb, 3) == 0x04) &&
            (tvb_get_guint8(tvb, 4) == 0x05) &&
            (tvb_get_guint8(tvb, 5) == 0x06))
        {
            /* do dissecting */
        }
        else
        {
            /* MAC does not match: reject the frame */
            return FALSE;
        }
        /* frame was claimed by this dissector */
        return TRUE;
    }

This works perfectly for me.
Holger

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of yenan
Sent: Thursday, 21 February 2008 02:00
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can only be digged out by its Dst Mac or Vlan I

Hi folks:
I'm writing a plugin for a packet stored in the payload of a standard "802.1Q Virtual LAN" packet. This packet does not have a protocol itself; it can only be dug out by its Dst Mac address or Vlan Id. How could I dissect such a packet?
I tried to use register_dissector_table() in vlan.c to create a dissector table for "vlan.id", and in the plugin I used dissector_add() trying to call the dissector, but it won't work! So, should I also use dissector_try_port()? What should I pass to these functions? Is there any information I can read to learn about these functions?
And last question: if I try to dig out the packet by its dst mac address, what should I do? I found out the addresses are of FT_ETHER type; how can I handle such types?
I went through README.developer a couple of times, but I still know very little about Wireshark. Are there any more documents that explain the functions and structure in more detail?
Really need help! Thanks millions! Any information will be greatly appreciated!
Nan
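
Added example, not part of either message and not Wireshark code: the match the thread describes (destination MAC or VLAN ID of an 802.1Q-tagged frame) written as plain C over a raw byte buffer, with the length checked before any byte is read. The names foo_match_frame, FOO_DST_MAC and FOO_VLAN_ID are hypothetical, and the VLAN ID 100 and the sample frame are constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN        6
#define ETH_HDR_LEN     14      /* dst MAC + src MAC + EtherType/TPID */
#define VLAN_TAG_LEN    4       /* TCI + encapsulated EtherType */
#define ETHERTYPE_VLAN  0x8100  /* 802.1Q TPID */

/* The MAC from the reply above; the VLAN ID is a constructed sample value. */
static const uint8_t FOO_DST_MAC[ETH_ALEN] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06};
#define FOO_VLAN_ID 100

/* Read a big-endian (network order) 16-bit field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the offset of the payload behind the 802.1Q header (18) if the
 * frame is tagged and its destination MAC or VLAN ID matches, else -1.
 * The length is checked first, so a truncated frame is rejected instead
 * of being read out of bounds. */
int foo_match_frame(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN + VLAN_TAG_LEN)
        return -1;                          /* too short for eth + tag */
    if (rd16(frame + 12) != ETHERTYPE_VLAN)
        return -1;                          /* not 802.1Q tagged */

    int mac_ok  = memcmp(frame, FOO_DST_MAC, ETH_ALEN) == 0;
    /* TCI = 3 bits priority, 1 bit DEI, 12 bits VLAN ID */
    int vlan_ok = (rd16(frame + 14) & 0x0FFF) == FOO_VLAN_ID;

    return (mac_ok || vlan_ok) ? ETH_HDR_LEN + VLAN_TAG_LEN : -1;
}

int main(void)
{
    /* Constructed frame: dst MAC, src MAC, TPID, TCI (VLAN 7),
     * inner EtherType, two payload bytes. */
    const uint8_t frame[] = {
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
        0x81, 0x00, 0x00, 0x07, 0x88, 0xb5, 0xde, 0xad
    };
    return foo_match_frame(frame, sizeof frame) == 18 ? 0 : 1;
}
```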