Wireshark · Wireshark-dev: Re: [Wireshark-dev] calling a dissector for a specific mac address

Wireshark-dev: Re: [Wireshark-dev] calling a dissector for a specific mac address

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>

Date: Wed, 02 Jul 2008 09:29:10 +0100

Richard Kümmel wrote:

Hi,
I am writing a dissector for a device of ours that adds a header beforethe actual ethernet header.The header is recognized by looking at the first 6 Bytes. If the first 6byte are 01 01 05 10 00 00( a mulitcast address of ours, that is only used for this purpose), theframe is an esl frame.

Why not use the ethernet type field for this? It seems to fly somewhatin the face of convention to have to interpret ethernet packetsdifferently depending on their destination address.

The only way i managed to handle this is by checking the address indissect_eth_commonand then calling the dissector directly.

...

Is there a different and better way to do this? If not is it ok to addcode like this
to the sources of wireshark?

If this is really the only way to recognise these packets, it would bebetter to add a heuristic subdissector - see packet-hilscher.c for anexample. Though, as the Cisco comment implies, I think your protocoldesign is hideous.

References:
- [Wireshark-dev] calling a dissector for a specific mac address
  - From: Richard Kümmel

Prev by Date: [Wireshark-dev] [Dev] Error adns_dll.dll
Next by Date: [Wireshark-dev] losing packets: epilogue
Previous by thread: [Wireshark-dev] calling a dissector for a specific mac address
Next by thread: [Wireshark-dev] cross compiling
Index(es):
- Date
- Thread