Wireshark-dev: Re: [Wireshark-dev] Wiresharlk plug-in
From: H F <sam5919@xxxxxxxxxx>
Date: Wed, 18 Jun 2008 10:07:07 +0000
Thank you, Richard.

> Date: Wed, 18 Jun 2008 10:54:36 +0100
> From: richardv@xxxxxxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] Wiresharlk plug-in
>
> Oh for goodness sake.
>
> Spamming the list, _and_ individual developers every day is not the way
> to get an answer to your question. Now we're all just pissed off and
> less likely to answer.
>
> If we're not answering it's because we don't know the answer, or your
> question isn't clear. Probably both.
>
> And please don't send me private mail looking for answers to questions
> which should be asked on this list.
>
> I suggest you go away and think about your problem and try and solve it
> yourself before you pester us any further.
>
> H F wrote:
> > Hi!!!
> >
> > I'm writing a plugin for our program's own protocol, which encapsulates
> > a whole 'q931' package in the user-user information element (look at the
> > end of the message in red), (look at packet 203 from the capture I sent).
> >
> > At first, I would just write a small program to check the
> > right place to register my protocol, and display:
> >
> > *Q.931*
> > ………………………………
> > ……………………………..
> > …………………………….
> > *User-user*
> >   Information element: User-user
> >   Length: 15
> >   Protocol discriminator: User-specific protocol
> >   User information:
> >     mytype protocol ( 0xFE)
> >     Texte: *B30C07498131323533357F0182*
> >
> > I register my protocol with the table (q931.ie) like this:
> >
> > dissector_add(dissector table name, value in that table, mytype_handle)
> >
> > ====>dissector_add("q931.ie",0xFE,foo_handle)
> >
> > * Do you think that it's the good table?!!!
> > * How can I register my protocol correctly?
> >
> > I think that h225 calls the Q931 dissector in packet-h323.c
> >
> > /* H.323, Annex M1, Tunnelling of signalling protocols (QSIG) in H.323 */
> > dissector_add_string("h225.tp", "1.3.12.9", q931_handle);
> >
> > Best regards
> >
> > This function is called to register my protocol:
> >
> > void
> > proto_reg_handoff_ipnet(void)
> > {
> >     static gboolean initialized = FALSE;
> >
> >     if (!initialized) {
> >         q931_ie_handle = find_dissector("q931.ie");
> >         /* create the handle before it is passed to dissector_add() */
> >         foo_handle = create_dissector_handle(dissect_foo, proto_foo);
> >         /* 0xFE is identifier of my protocol */
> >         dissector_add("q931.ie", 0xFE, foo_handle);
> >
> >         initialized = TRUE;
> >     }
> > }
> >
> > *No. Time Source Destination Protocol Info*
> > 203 15.094231 10.24.30.13 10.24.30.15 Q.931 CS: setup SETUP
> >
> > *Frame 203 (210 bytes on wire, 210 bytes captured)*
> >   Arrival Time: Jun 2, 2008 17:57:50.481268000
> >   [Time delta from previous captured frame: 0.016456000 seconds]
> >   [Time delta from previous displayed frame: 15.094231000 seconds]
> >   [Time since reference or first frame: 15.094231000 seconds]
> >   Frame Number: 203
> >   Frame Length: 210 bytes
> >   Capture Length: 210 bytes
> >   [Frame is marked: False]
> >   [Protocols in frame: *eth:ip:tcp:q931:q931:h225:q931*]
> >   [Coloring Rule Name: TCP]
> >   [Coloring Rule String: tcp]
> > Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst: Ericsson_52:f2:14 (00:80:37:52:f2:14)
> >   Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
> >     Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
> >     .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
> >     .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
> >   Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
> >     Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
> >     .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
> >     .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
> >   Type: IP (0x0800)
> > *Internet Protocol*, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15 (10.24.30.15)
> >   Version: 4
> >   Header length: 20 bytes
> >   Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)
> >     1011 10.. = Differentiated Services Codepoint: Expedited Forwarding (0x2e)
> >     .... ..0. = ECN-Capable Transport (ECT): 0
> >     .... ...0 = ECN-CE: 0
> >   Total Length: 196
> >   Identification: 0xf0fa (61690)
> >   Flags: 0x00
> >     0... = Reserved bit: Not set
> >     .0.. = Don't fragment: Not set
> >     ..0. = More fragments: Not set
> >   Fragment offset: 0
> >   Time to live: 64
> >   Protocol: TCP (0x06)
> >   Header checksum: 0x3836 [correct]
> >     [Good: True]
> >     [Bad : False]
> >   Source: 10.24.30.13 (10.24.30.13)
> >   Destination: 10.24.30.15 (10.24.30.15)
> > *Transmission Control Protocol*, Src Port : mxomss (1141), Dst Port : h323hostcall (1720), Seq: 1, Ack: 1, Len: 156
> >   Source port: mxomss (1141)
> >   Destination port: h323hostcall (1720)
> >   Sequence number: 1 (relative sequence number)
> >   [Next sequence number: 157 (relative sequence number)]
> >   Acknowledgement number: 1 (relative ack number)
> >   Header length: 20 bytes
> >   Flags: 0x18 (PSH, ACK)
> >     0... .... = Congestion Window Reduced (CWR): Not set
> >     .0.. .... = ECN-Echo: Not set
> >     ..0. .... = Urgent: Not set
> >     ...1 .... = Acknowledgment: Set
> >     .... 1... = Push: Set
> >     .... .0.. = Reset: Not set
> >     .... ..0. = Syn: Not set
> >     .... ...0 = Fin: Not set
> >   Window size: 5840
> >   Checksum: 0xc1ad [validation disabled]
> >     [Good Checksum: False]
> >     [Bad Checksum: False]
> > *TPKT, Version: 3, Length: 156*
> >   Version: 3
> >   Reserved: 0
> >   Length: 156
> > *Q.931*
> >   Protocol discriminator: Q.931
> >   Call reference value length: 2
> >   Call reference flag: Message sent from originating side
> >   Call reference value: 012A
> >   Message type: SETUP (0x05)
> >   Bearer capability
> >     Information element: Bearer capability
> >     Length: 3
> >     1... .... = Extension indicator: last octet
> >     .00. .... = Coding standard: ITU-T standardized coding (0x00)
> >     ...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
> >     1... .... = Extension indicator: last octet
> >     .00. .... = Transfer mode: Circuit mode (0x00)
> >     ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
> >     1... .... = Extension indicator: last octet
> >     ...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
> >   Called party number: '129'
> >     Information element: Called party number
> >     Length: 4
> >     .... 1001 = Numbering plan: Private numbering (0x09)
> >     .100 .... = Number type: Subscriber number (0x04)
> >     1... .... = Extension indicator: last octet
> >     Called party number digits: 129
> >   User-user
> >     Information element: User-user
> >     Length: 133
> >     Protocol discriminator: X.208 and X.209 coded user information
> > *_H.225.0 CS_*
> >   *H323-UserInformation*
> >     *h323-uu-pdu*
> >       *h323-message-body*: setup (0)
> >         setup
> >           protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
> >           h245Address: ipAddress (0)
> >             ipAddress
> >               ip: 10.24.30.13 (10.24.30.13)
> >               port: 2002
> >           sourceInfo
> >             .... ...0 mc: False
> >             0... .... undefinedNode: False
> >           destinationAddress: 1 item
> >             Item 0
> >               Item: dialedDigits (0)
> >                 dialedDigits: 129
> >           .... 0... activeMC: False
> >           conferenceID: 00000018-3e17-fb70-0008-467f00b63678
> >           conferenceGoal: create (0)
> >             create: NULL
> >           callType: pointToPoint (0)
> >             pointToPoint: NULL
> >           sourceCallSignalAddress: ipAddress (0)
> >             ipAddress
> >               ip: 10.24.30.13 (10.24.30.13)
> >               port: 1720
> >           callIdentifier
> >             guid: 00000018-3e17-fb70-0008-467f00b63678
> >           0... .... mediaWaitForConnect: False
> >           1... .... canOverlapSend: True
> >       0... .... h245Tunneling: False
> >       *tunnelledSignallingMessage*
> >         *tunnelledProtocolID*
> >           id: tunnelledProtocolObjectID (0)
> >             tunnelledProtocolObjectID: 1.3.12.9 (SNMPv2-SMI::org.12.9)
> >         *messageContent: 1 item*
> >           Item 0
> >             Item: 46 octets
> >               *Q.931*
> >                 Protocol discriminator: Q.931
> >                 Call reference value length: 2
> >                 Call reference flag: Message sent from originating side
> >                 Call reference value: 0053
> >                 Message type: SETUP (0x05)
> >                 Bearer capability
> >                   Information element: Bearer capability
> >                   Length: 3
> >                   1... .... = Extension indicator: last octet
> >                   .00. .... = Coding standard: ITU-T standardized coding (0x00)
> >                   ...0 0000 = Information transfer capability: Speech (0x00)
> >                   1... .... = Extension indicator: last octet
> >                   .00. .... = Transfer mode: Circuit mode (0x00)
> >                   ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
> >                   1... .... = Extension indicator: last octet
> >                   ...0 0011 = User information layer 1 protocol: Recommendation G.711 A-law (0x03)
> >                 Channel identification
> >                   Information element: Channel identification
> >                   Length: 3
> >                   1... .... = Extension indicator: last octet
> >                   .0.. .... = Interface identifier present: False
> >                   ..1. .... = Interface type: Primary rate interface
> >                   .... 1... = Indicated channel is exclusive: Exclusive; only the indicated channel is acceptable
> >                   .... .0.. = D-channel indicator: False
> >                   .... ..01 = Information channel selection: Channel indicated in following octets (0x01)
> >                   1... .... = Extension indicator: last octet
> >                   .00. .... = Coding standard: ITU-T standardized coding (0x00)
> >                   ...0 .... = Number/map: Channel indicated by number
> >                   .... 0011 = Element type: B-channel units (0x03)
> >                   1... .... = Extension indicator: last octet
> >                   .000 0010 = Channel number: 2
> >                 Non-locking shift to codeset 5: Information elements for national use
> >                 Unknown information element (0x31)
> >                   Information element: Unknown (0x31)
> >                   Length: 1
> >                   Data: 80
> >                 Called party number: '129'
> >                   Information element: Called party number
> >                   Length: 4
> >                   .... 1001 = Numbering plan: Private numbering (0x09)
> >                   .100 .... = Number type: Subscriber number (0x04)
> >                   1... .... = Extension indicator: last octet
> >                   Called party number digits: 129
> >                 High-layer compatibility
> >                   Information element: High-layer compatibility
> >                   Length: 2
> >                   .00. .... = Coding standard: ITU-T standardized coding (0x00)
> >                   High layer characteristics identification: Telephony
> >                 *User-user*
> >                   Information element: User-user
> >                   Length: 15
> >                   Protocol discriminator: User-specific protocol
> >                   User information: *FEB30C07498131323533357F0182*
> >
> > *(0xFE is identifier of own protocol)*
> >
> > 0000 00 80 37 52 f2 14 00 01 ec fb c0 9c 08 00 45 b8 ..7R..........E.
> > 0010 00 c4 f0 fa 00 00 40 06 38 36 0a 18 1e 0d 0a 18 ......@.86......
> > 0020 1e 0f 04 75 06 b8 22 40 11 02 00 48 c1 02 50 18 ...u.."@...H..P.
> > 0030 16 d0 c1 ad 00 00 03 00 00 9c 08 02 01 2a 05 04 .............*..
> > 0040 03 88 90 a5 70 04 c9 31 32 39 7e 00 85 05 20 d0 ....p..129~... .
> > 0050 06 00 08 91 4a 00 02 00 0a 18 1e 0d 07 d2 00 00 ....J...........
> > 0060 01 01 00 45 c0 00 00 00 18 3e 17 fb 70 00 08 46 ...E.....>..p..F
> > 0070 7f 00 b6 36 78 00 cd 0c 00 00 07 00 0a 18 1e 0d ...6x...........
> > 0080 06 b8 11 00 00 00 00 18 3e 17 fb 70 00 08 46 7f ........>..p..F.
> > 0090 00 b6 36 78 01 00 01 80 10 88 01 00 35 00 03 2b ..6x........5..+
> > 00a0 0c 09 01 2e 08 02 00 53 05 04 03 80 90 a3 18 03 .......S........
> > 00b0 a9 83 82 9d 31 01 80 70 04 c9 31 32 39 7d 02 91 ....1..p..129}..
> > 00c0 81 7e 0f 00 *fe b3 0c 07 49 81 31 32 35 33 35 7f .~......I.12535.*
> > *00d0 01 82 *
> >
> > Best Regards
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-dev
>
> --
> Richard van der Hoff <richardv@xxxxxxxxxxxxx>
> Project Manager
> Tel: +44 (0) 845 666 7778
> http://www.mxtelecom.com
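The encapsulation described in the quoted question, as an added example that is not part of the original thread and is not Wireshark dissector code: a stand-alone C walk over the information elements of the tunnelled Q.931 message that locates the User-user element and its 0xFE identifier octet, tracking the non-locking codeset shift and rejecting element lengths that run past the captured data. The byte array is copied from the hex dump quoted above; the names `inner_q931` and `find_user_user` are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
/* Inner Q.931 SETUP of frame 203: offsets 0x00a4-0x00d1 of the quoted hex dump. */
static const uint8_t inner_q931[46] = {
    0x08, 0x02, 0x00, 0x53, 0x05,             /* PD, call reference 0053, SETUP */
    0x04, 0x03, 0x80, 0x90, 0xa3,             /* Bearer capability */
    0x18, 0x03, 0xa9, 0x83, 0x82,             /* Channel identification */
    0x9d, 0x31, 0x01, 0x80,                   /* shift to codeset 5, IE 0x31 */
    0x70, 0x04, 0xc9, 0x31, 0x32, 0x39,       /* Called party number '129' */
    0x7d, 0x02, 0x91, 0x81, 0x7e, 0x0f, 0x00, /* High-layer compat.; User-user hdr */
    0xfe, 0xb3, 0x0c, 0x07, 0x49, 0x81, 0x31, /* user information, 14 octets */
    0x32, 0x35, 0x33, 0x35, 0x7f, 0x01, 0x82
};

/* Find the codeset-0 User-user IE (0x7e). Returns the user information length
 * and points *info at it, or -1 if absent or an IE length overruns the buffer. */
static int find_user_user(const uint8_t *msg, size_t len, const uint8_t **info)
{
    size_t off; int locked = 0, once = -1;  /* active codeset; one-IE codeset */
    if (len < 2 || 3u + (msg[1] & 0x0f) > len)
        return -1;
    off = 3u + (msg[1] & 0x0f);             /* skip PD, call reference, message type */
    while (off < len) {
        uint8_t id = msg[off];
        int codeset = (once >= 0) ? once : locked;
        once = -1;                          /* a non-locking shift covers one IE */
        if (id & 0x80) {                    /* single-octet IE, no length field */
            if ((id & 0xf8) == 0x98) once = id & 0x07;         /* non-locking shift */
            else if ((id & 0xf8) == 0x90) locked = id & 0x07;  /* locking shift */
            off++; continue;
        }
        if (off + 2 > len || off + 2 + msg[off + 1] > len)
            return -1;                      /* declared length runs past the data */
        if (codeset == 0 && id == 0x7e && msg[off + 1] >= 1) {
            *info = msg + off + 3;          /* octet after the protocol discriminator */
            return msg[off + 1] - 1;
        }
        off += 2u + msg[off + 1];
    }
    return -1;
}

int main(void)
{
    const uint8_t *info = NULL;
    int n = find_user_user(inner_q931, sizeof inner_q931, &info);
    if (n > 0) printf("user information: %d octets, first octet 0x%02x\n", n, info[0]);
    return n > 0 ? 0 : 1;
}
```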