For this to work your dissector needs to be registered by name. To get
that it needs to call register_dissector().
Armando Vázquez wrote:
Thanks ashis!
When I tried this my protocol does not show up as a valid protocol, why
is that? I tried using my dissector for the header protocol, but it
should also disscet 2 trailer bytes, does that represent a problem ?
What should I put in the header size field?
Besides, I've read that using the GUI and editing the DLT_User is the
same as using the function dissector_add_uint(), am I right? If so, why
isn't working? should I change something else in pcap-common.c or wtap.c
or wtap.h?
Armando Vázquez Ramírez
On Sat, Mar 3, 2012 at 6:27 AM, ashish goel
<ashish.kumar.goel1@xxxxxxxxx <mailto:ashish.kumar.goel1@xxxxxxxxx>> wrote:
Hi Armando,
The is a way you can do it through wireshark GUI. Go to preferences
-> protocols -> DLT_User. Here click on edit and add your protocol
on any of the User DLTs(147 - 162). But make sure that that the pcap
file you are using must have defined the same DLT value in its
global header.
Hope this helps.
Thanks,
Ashish
2012/3/2 Armando Vázquez <avr989@xxxxxxxxx <mailto:avr989@xxxxxxxxx>>
Hi guys,
I've read the developers guide, README.developer, wiretap plugin
wiki and found no answer. Here is my problem. I'm trying to use
Wireshark for dissecting a pcap capture of a protocol that it's
not currently defined in wireshark. So I started writing a
plugin, but I haven't been able to declare or register this
dissector so it is enabled as a link layer dissector. I need to
achieve this because this is not a internet protocol, so I need
to identify it in this layer.
I've already read this dev-topic
(http://www.mail-archive.com/wireshark-dev@xxxxxxxxxxxxx/msg05931.html)
but I didn't understand it well.
The dissection part works fine, I've tested it using a pcap and
nesting it on top of TCP. I would really appreciate your help.
Also I've added in wtap.h
#define WTAP_ENCAP_MYPROTOCOL 147
and in wtap.c
static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },
/* WTAP_ENCAP_MYPROTOCOL*/
{ "MY PROTOCOL, "myprotocol" }
};
Here are the register and handoff sections of my code
----------------------------------------------------------------------------------
void proto_register_myprotocol (void)
{
...
myprotocol_dissector_table =
register_dissector_table("myprotocol.proto","ACN protocol
number", FT_UINT8, BASE_HEX);
proto_register_field_array (proto_myprotocol, hf, array_length
(hf));
proto_register_subtree_array (ett, array_length (ett));
register_dissector("myprotocol", dissect_myprotocol,
proto_myprotocol);
}
void proto_reg_handoff_myprotocol(void)
{
data_handle = find_dissector("data");
myprotocol_handle = create_dissector_handle(dissect_myprotocol,
proto_myprotocol);
dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
dissector_add_uint("tcp.port",
global_myprotocol_port, myprotocol_handle); // Registering this
on top of TCP was only to develop the dissection part, this
won't be present in the release version
}
