Wireshark-dev: Re: [Wireshark-dev] Wiresharlk plug-in
From: H F <sam5919@xxxxxxxxxx>
Date: Wed, 18 Jun 2008 10:07:07 +0000
thank yu Richard

> Date: Wed, 18 Jun 2008 10:54:36 +0100
> From: richardv@xxxxxxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] Wiresharlk plug-in
>
> Oh for goodness sake.
>
> Spamming the list, _and_ individual developers every day is not the way
> to get an answer to your question. Now we're all just pissed off and
> less likely to answer.
>
> If we're not answering it's because we don't know the answer, or your
> question isn't clear. Probably both.
>
> And please don't send me private mail looking for answers to questions
> which should be asked on this list.
>
> I suggest you go away and think about your problem and try and solve it
> yourself before you pester us any further.
>
>
>
> H F wrote:
> > Hi!!!
> >
> >
> >
> > I'm writing a plugin for our program's own protocol, which encapsulates
> > a whole 'q931' package in user-user information element (look at the
> > end of massage in red *),(look the packet 203 from the capture I sent )*
> >
> > **
> >
> > **
> >
> > In the first time ; I would just write a small program to check the
> > right place to register my Protocol, and display :
> >
> > *Q.931*
> >
> > ………………………………
> >
> > ……………………………..
> >
> > …………………………….
> >
> > *User-user*
> >
> > Information element: User-user
> >
> > Length: 15
> >
> > Protocol discriminator: User-specific
> > protocol
> >
> > User information:
> >
> > mytype protocol ( 0xFE)
> >
> > Texte:
> > *B30C07498131323533357F0182*
> >
> >
> >
> >
> >
> > I register my protocol with the table (q931.ie ) like this :
> >
> > dissector_add(dissector table name, value in that table, mytype_handle)
> >
> > ====>dissector_add('q931.ie',0xFE,foo_handle)
> >
> > * * you think that it’s the good table ?!!!*
> >
> > * * How can I register my Protocol correctly?*
> >
> >
> >
> > I think that h225 calls the Q931 dissector in packet-h323.c
> >
> > /* H.323, Annex M1, Tunnelling of signalling protocols (QSIG) in H.323 */
> > dissector_add_string('h225.tp', '1.3.12.9', q931_handle))
> >
> >
> >
> > * *
> >
> >
> >
> > Best regards
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > This function is called to register my protocol:
> >
> >
> >
> > proto_reg_handoff_ipnet(void)
> >
> > {
> >
> > static gboolean initialized = FALSE;
> >
> >
> >
> >
> >
> > if (!initialized) {
> >
> >
> >
> > q931_ie_handle = find_dissector('q931.ie');
> >
> > dissector_add('q931.ie',0xFE,foo_handle);
> >
> > /*0xFE is identifier of my protocol*/
> >
> > foo_handle = create_dissector_handle(dissect_foo, proto_foo);
> >
> >
> >
> >
> >
> > initialized = TRUE;
> >
> > }
> >
> > };
> >
> >
> >
> > **
> >
> >
> >
> >
> >
> >
> >
> > *No. Time Source Destination
> > Protocol Info*
> >
> > 203 15.094231 10.24.30.13 10.24.30.15 Q.931
> > CS: setup SETUP
> >
> >
> >
> > *Frame 203 (210 bytes on wire, 210 bytes captured)*
> >
> > Arrival Time: Jun 2, 2008 17:57:50.481268000
> >
> > [Time delta from previous captured frame: 0.016456000 seconds]
> >
> > [Time delta from previous displayed frame: 15.094231000 seconds]
> >
> > [Time since reference or first frame: 15.094231000 seconds]
> >
> > Frame Number: 203
> >
> > Frame Length: 210 bytes
> >
> > Capture Length: 210 bytes
> >
> > [Frame is marked: False]
> >
> > [Protocols in frame: *eth:ip:tcp:q931:q931:h225:q931*]
> >
> > [Coloring Rule Name: TCP]
> >
> > [Coloring Rule String: tcp]
> >
> > Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst:
> > Ericsson_52:f2:14 (00:80:37:52:f2:14)
> >
> > Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
> >
> > Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
> >
> > .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
> >
> > .... ..0. .... .... .... .... = LG bit: Globally unique address
> > (factory default)
> >
> > Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
> >
> > Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
> >
> > .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
> >
> > .... ..0. .... .... .... .... = LG bit: Globally unique address
> > (factory default)
> >
> > Type: IP (0x0800)
> >
> > *Internet Protocol*, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15
> > (10.24.30.15)
> >
> > Version: 4
> >
> > Header length: 20 bytes
> >
> > Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited
> > Forwarding; ECN: 0x00)
> >
> > 1011 10.. = Differentiated Services Codepoint: Expedited
> > Forwarding (0x2e)
> >
> > .... ..0. = ECN-Capable Transport (ECT): 0
> >
> > .... ...0 = ECN-CE: 0
> >
> > Total Length: 196
> >
> > Identification: 0xf0fa (61690)
> >
> > Flags: 0x00
> >
> > 0... = Reserved bit: Not set
> >
> > .0.. = Don't fragment: Not set
> >
> > ..0. = More fragments: Not set
> >
> > Fragment offset: 0
> >
> > Time to live: 64
> >
> > Protocol: TCP (0x06)
> >
> > Header checksum: 0x3836 [correct]
> >
> > [Good: True]
> >
> > [Bad : False]
> >
> > Source: 10.24.30.13 (10.24.30.13)
> >
> > Destination: 10.24.30.15 (10.24.30.15)
> >
> > *Transmission Control Protocol*, Src Port : mxomss (1141), Dst Port :
> > h323hostcall (1720), Seq: 1, Ack: 1, Len: 156
> >
> > Source port: mxomss (1141)
> >
> > Destination port: h323hostcall (1720)
> >
> > Sequence number: 1 (relative sequence number)
> >
> > [Next sequence number: 157 (relative sequence number)]
> >
> > Acknowledgement number: 1 (relative ack number)
> >
> > Header length: 20 bytes
> >
> > Flags: 0x18 (PSH, ACK)
> >
> > 0... .... = Congestion Window Reduced (CWR): Not set
> >
> > .0.. .... = ECN-Echo: Not set
> >
> > ..0. .... = Urgent: Not set
> >
> > ...1 .... = Acknowledgment: Set
> >
> > .... 1... = Push: Set
> >
> > .... .0.. = Reset: Not set
> >
> > .... ..0. = Syn: Not set
> >
> > .... ...0 = Fin: Not set
> >
> > Window size: 5840
> >
> > Checksum: 0xc1ad [validation disabled]
> >
> > [Good Checksum: False]
> >
> > [Bad Checksum: False]
> >
> > *TPKT, Version: 3, Length: 156*
> >
> > Version: 3
> >
> > Reserved: 0
> >
> > Length: 156
> >
> > *Q.931*
> >
> > Protocol discriminator: Q.931
> >
> > Call reference value length: 2
> >
> > Call reference flag: Message sent from originating side
> >
> > Call reference value: 012A
> >
> > Message type: SETUP (0x05)
> >
> > Bearer capability
> >
> > Information element: Bearer capability
> >
> > Length: 3
> >
> > 1... .... = Extension indicator: last octet
> >
> > .00. .... = Coding standard: ITU-T standardized coding (0x00)
> >
> > ...0 1000 = Information transfer capability: Unrestricted
> > digital information (0x08)
> >
> > 1... .... = Extension indicator: last octet
> >
> > .00. .... = Transfer mode: Circuit mode (0x00)
> >
> > ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
> >
> > 1... .... = Extension indicator: last octet
> >
> > ...0 0101 = User information layer 1 protocol: Recommendation
> > H.221 and H.242 (0x05)
> >
> > Called party number: '129'
> >
> > Information element: Called party number
> >
> > Length: 4
> >
> > .... 1001 = Numbering plan: Private numbering (0x09)
> >
> > .100 .... = Number type: Subscriber number (0x04)
> >
> > 1... .... = Extension indicator: last octet
> >
> > Called party number digits: 129
> >
> > User-user
> >
> > Information element: User-user
> >
> > Length: 133
> >
> > Protocol discriminator: X.208 and X.209 coded user information
> >
> > *_H.225.0 CS_*
> >
> > *H323-UserInformation*
> >
> > *h323-uu-pdu*
> >
> > *h323-message-body*: setup (0)
> >
> > setup
> >
> > protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
> >
> > h245Address: ipAddress (0)
> >
> > ipAddress
> >
> > ip: 10.24.30.13 (10.24.30.13)
> >
> > port: 2002
> >
> > sourceInfo
> >
> > .... ...0 mc: False
> >
> > 0... .... undefinedNode: False
> >
> > destinationAddress: 1 item
> >
> > Item 0
> >
> > Item: dialedDigits (0)
> >
> > dialedDigits: 129
> >
> > .... 0... activeMC: False
> >
> > conferenceID: 00000018-3e17-fb70-0008-467f00b63678
> >
> > conferenceGoal: create (0)
> >
> > create: NULL
> >
> > callType: pointToPoint (0)
> >
> > pointToPoint: NULL
> >
> > sourceCallSignalAddress: ipAddress (0)
> >
> > ipAddress
> >
> > ip: 10.24.30.13 (10.24.30.13)
> >
> > port: 1720
> >
> > callIdentifier
> >
> > guid: 00000018-3e17-fb70-0008-467f00b63678
> >
> > 0... .... mediaWaitForConnect: False
> >
> > 1... .... canOverlapSend: True
> >
> > 0... .... h245Tunneling: False
> >
> > *tunnelledSignallingMessage*
> >
> > *tunnelledProtocolID*
> >
> > id: tunnelledProtocolObjectID (0)
> >
> > tunnelledProtocolObjectID: 1.3.12.9
> > (SNMPv2-SMI::org.12.9)
> >
> > *messageContent: 1 item*
> >
> > Item 0
> >
> > Item: 46 octets
> >
> > *Q.931*
> >
> > Protocol discriminator: Q.931
> >
> > Call reference value length: 2
> >
> > Call reference flag: Message sent from
> > originating side
> >
> > Call reference value: 0053
> >
> > Message type: SETUP (0x05)
> >
> > Bearer capability
> >
> > Information element: Bearer capability
> >
> > Length: 3
> >
> > 1... .... = Extension indicator: last octet
> >
> > .00. .... = Coding standard: ITU-T
> > standardized coding (0x00)
> >
> > ...0 0000 = Information transfer
> > capability: Speech (0x00)
> >
> > 1... .... = Extension indicator: last octet
> >
> > .00. .... = Transfer mode: Circuit mode
> > (0x00)
> >
> > ...1 0000 = Information transfer rate:
> > 64 kbit/s (0x10)
> >
> > 1... .... = Extension indicator: last octet
> >
> > ...0 0011 = User information layer 1
> > protocol: Recommendation G.711 A-law (0x03)
> >
> > Channel identification
> >
> > Information element: Channel identification
> >
> > Length: 3
> >
> > 1... .... = Extension indicator: last octet
> >
> > .0.. .... = Interface identifier
> > present: False
> >
> > ..1. .... = Interface type: Primary rate
> > interface
> >
> > .... 1... = Indicated channel is
> > exclusive: Exclusive; only the indicated channel is acceptable
> >
> > .... .0.. = D-channel indicator: False
> >
> > .... ..01 = Information channel
> > selection: Channel indicated in following octets (0x01)
> >
> > 1... .... = Extension indicator: last octet
> >
> > .00. .... = Coding standard: ITU-T
> > standardized coding (0x00)
> >
> > ...0 .... = Number/map: Channel
> > indicated by number
> >
> > .... 0011 = Element type: B-channel
> > units (0x03)
> >
> > 1... .... = Extension indicator: last octet
> >
> > .000 0010 = Channel number: 2
> >
> > Non-locking shift to codeset 5: Information
> > elements for national use
> >
> > Unknown information element (0x31)
> >
> > Information element: Unknown (0x31)
> >
> > Length: 1
> >
> > Data: 80
> >
> > Called party number: '129'
> >
> > Information element: Called party number
> >
> > Length: 4
> >
> > .... 1001 = Numbering plan: Private
> > numbering (0x09)
> >
> > .100 .... = Number type: Subscriber
> > number (0x04)
> >
> > 1... .... = Extension indicator: last octet
> >
> > Called party number digits: 129
> >
> > High-layer compatibility
> >
> > Information element: High-layer
> > compatibility
> >
> > Length: 2
> >
> > .00. .... = Coding standard: ITU-T
> > standardized coding (0x00)
> >
> > High layer characteristics
> > identification: Telephony
> >
> > * User-user*
> >
> > Information element: User-user
> >
> > Length: 15
> >
> > Protocol discriminator: User-specific
> > protocol
> >
> > User information:
> > *FEB30C07498131323533357F0182*
> >
> > * *
> >
> > *(0xFE is identifier of own protocol)*
> >
> >
> >
> > 0000 00 80 37 52 f2 14 00 01 ec fb c0 9c 08 00 45 b8 ..7R..........E.
> >
> > 0010 00 c4 f0 fa 00 00 40 06 38 36 0a 18 1e 0d 0a 18 ......@.86......
> >
> > 0020 1e 0f 04 75 06 b8 22 40 11 02 00 48 c1 02 50 18 ...u..'@...H..P.
> >
> > 0030 16 d0 c1 ad 00 00 03 00 00 9c 08 02 01 2a 05 04 .............*..
> >
> > 0040 03 88 90 a5 70 04 c9 31 32 39 7e 00 85 05 20 d0 ....p..129~... .
> >
> > 0050 06 00 08 91 4a 00 02 00 0a 18 1e 0d 07 d2 00 00 ....J...........
> >
> > 0060 01 01 00 45 c0 00 00 00 18 3e 17 fb 70 00 08 46 ...E.....>..p..F
> >
> > 0070 7f 00 b6 36 78 00 cd 0c 00 00 07 00 0a 18 1e 0d ...6x...........
> >
> > 0080 06 b8 11 00 00 00 00 18 3e 17 fb 70 00 08 46 7f ........>..p..F.
> >
> > 0090 00 b6 36 78 01 00 01 80 10 88 01 00 35 00 03 2b ..6x........5..+
> >
> > 00a0 0c 09 01 2e 08 02 00 53 05 04 03 80 90 a3 18 03 .......S........
> >
> > 00b0 a9 83 82 9d 31 01 80 70 04 c9 31 32 39 7d 02 91 ....1..p..129}..
> >
> > 00c0 81 7e 0f 00 *fe b3 0c 07 49 81 31 32 35 33 35 7f .~......I.12535.*
> >
> > *00d0 01 82 *
> >
> >
> >
> > .
> >
> > Best Regards
> >
> >
> >
> > ------------------------------------------------------------------------
> > Tous vos amis discutent sur Messenger, et vous ? Téléchargez Messenger,
> > c'est gratuit ! <http://www.windowslive.fr/messenger/>
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
> --
> Richard van der Hoff <richardv@xxxxxxxxxxxxx>
> Project Manager
> Tel: +44 (0) 845 666 7778
> http://www.mxtelecom.com
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev


Avec Windows Live Messenger restez en contact avec tous vos amis ! Téléchargez Messenger, c'est gratuit !