Wireshark-dev: [Wireshark-dev] Re : dissector_add(tcp.proto... / where to find parameter for di
Hi Eddie,
I'm almost a beginner so maybe I'm wrong, but here is what I suppose:
udp.proto doesn't exists; if you want to dissect all frames that contain udp protocol, you should use:
dissector_add("ip.proto", 0x11, red_handle)
but in this case you lose the UDP dissection (and your dissection will be eth:ip:red) and maybe create conflict (I think it can works if you disable the UDP protocol in WS).
The parameter you give in "dissector_add" should be an _expression_ associated with a hf_field in the lower dissector (in your case, UDP), so all the filter expressions you can find in the WS filter toolbar should work.
So in your case, you should use:
dissector_add("udp.length", your_length, red_handle)
where your_length is the length of your protocol (i.e. the UDP payload) +
the 8 bytes of UDP header.
use also tcp.pdu.size or tcp.len (I don't know the difference and if length include header because I don't use TCP protocol; check in packet-tcp.c how they are defined)
Hoping my help will be useful,
Yvan
De : "Eddie.1@xxxxxx" <Eddie.1@xxxxxx>
À : wireshark-dev@xxxxxxxxxxxxx
Envoyé le : Jeudi, 23 Avril 2009, 12h41mn 02s
Objet : [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
Hello,
I'm writing a dissector and there is a Problem:
I want
to dissect all TCP and UDP-Protocols (actually I only want to dissect Protocols with a special data length, but tvb_length(tvb) doesn't work before initializing.)
So I tryed dissector_add("udp.proto", 0x11, red_handle) to dissect all packages and later I want look for the data-length. But when I start wireshark an error message appears:
Runtime Error!
Program: C:\wireshark\wireshark-gtk2\wireshark.exe
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
I don't know if "udp.proto" is the right parameter. Is ther a list with parameters for dissector_add()?
Or is there another way to dissect only packages with a special data length?
Thank you for the help
Eddie
--
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
http://www.gmx.net/de/go/multimessenger01___________________________________________________________________________
Sent via: Wireshark-dev mailing list <
wireshark-dev@xxxxxxxxxxxxx>
Archives:
http://www.wireshark.org/lists/wireshark-devUnsubscribe:
https://wireshark.org/mailman/options/wireshark-dev mailto:
wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe