Wireshark · Wireshark-dev: Re: [Wireshark-dev] Start Dissection from an upper layer?

Wireshark-dev: Re: [Wireshark-dev] Start Dissection from an upper layer?

From: Guillaume Bienkowski <guillaume.bienkowski@xxxxxxxxxxxx>

Date: Tue, 10 Jun 2008 16:21:52 +0200

Argh, I just poorly explained myself: I was just confused with Ethernetand IP.


So I confirm, I get only "data" from the 3rd layer (IP)

Actually, it will always be IP datagrams, so I don't have to bother withIPX or other fancy 3rd layer protocols).

What I'd like to do now to start the dissection from the 3rd layer, sothat I only have one modification to do (the "ip" dissector).

What I don't understand is how to make the IP protocol register itselfas a "1st layer" protocol (meaning: the dissection should start byseeking IP headers).


The packet-ip.c has this:


void
proto_reg_handoff_ip(void)
{
   dissector_handle_t ip_handle;

       data_handle = find_dissector("data");
       ip_handle = find_dissector("ip");
   tapa_handle = find_dissector("tapa");
   dissector_add("ethertype", ETHERTYPE_IP, ip_handle);
   dissector_add("ppp.protocol", PPP_IP, ip_handle);
   dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
   dissector_add("gre.proto", ETHERTYPE_IP, ip_handle);
   dissector_add("gre.proto", GRE_WCCP, ip_handle);
   dissector_add("llc.dsap", SAP_IP, ip_handle);
   dissector_add("ip.proto", IP_PROTO_IPIP, ip_handle);
   dissector_add("null.type", BSD_AF_INET, ip_handle);
   dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
   dissector_add("osinl.excl", NLPID_IP, ip_handle);
   dissector_add("fr.ietf", NLPID_IP, ip_handle);
   dissector_add("x.25.spi", NLPID_IP, ip_handle);

dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1051,ip_handle);dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1201,ip_handle);

   dissector_add_handle("udp.port", ip_handle);
}

What should I change in there?



Gilbert Ramirez a écrit :

On Tue, Jun 10, 2008 at 7:27 PM, Guillaume Bienkowski
<guillaume.bienkowski@xxxxxxxxxxxx> wrote:

>
> What I know is that my packet data will always contain ONLY the 2nd
> layer data (Ethernet) and the encapsulated data (TCP, UDP, ...).
>

I think I misunderstood you. I thought your packets started at IP or
IPX.  Is that not the case?

--gilbert
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev

Follow-Ups:
- Re: [Wireshark-dev] Start Dissection from an upper layer?
  - From: Eloy Paris

References:
- [Wireshark-dev] Start Dissection from an upper layer?
  - From: Guillaume Bienkowski
- Re: [Wireshark-dev] Start Dissection from an upper layer?
  - From: Gilbert Ramirez
- Re: [Wireshark-dev] Start Dissection from an upper layer?
  - From: Guillaume Bienkowski
- Re: [Wireshark-dev] Start Dissection from an upper layer?
  - From: Gilbert Ramirez

Prev by Date: Re: [Wireshark-dev] Start Dissection from an upper layer?
Next by Date: Re: [Wireshark-dev] Build Failure.Please help!!
Previous by thread: Re: [Wireshark-dev] Start Dissection from an upper layer?
Next by thread: Re: [Wireshark-dev] Start Dissection from an upper layer?
Index(es):
- Date
- Thread