Wireshark-dev: Re: [Wireshark-dev] How can I register a link layer protocol?
From: ashish goel <ashish.kumar.goel1@xxxxxxxxx>
Date: Tue, 6 Mar 2012 08:45:42 +0530
Hi Armando,
By creating a new workspace I meant deleting the first one completely and taking the new one and implementing the changes again.
In the meantime, can you post the code?
--
Thanks,
Ashish
2012/3/5 Armando Vázquez <avr989@xxxxxxxxx>
I did so by using this function:
void proto_register_myprotocol(void)
{
    ...
    register_dissector("MY_PROTOCOL", dissect_myprotocol, proto_my_protocol);
}
Armando Vázquez Ramírez
On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
For this to work your dissector needs to be registered by name. To get that it needs to call register_dissector().
Armando Vázquez wrote:
Thanks Ashish!
When I tried this my protocol does not show up as a valid protocol, why is that? I tried using my dissector for the header protocol, but it should also dissect 2 trailer bytes, does that represent a problem? What should I put in the header size field?
Besides, I've read that using the GUI and editing the DLT_User is the same as using the function dissector_add_uint(), am I right? If so, why isn't it working? Should I change something else in pcap-common.c or wtap.c or wtap.h?
Armando Vázquez Ramírez
On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.goel1@xxxxxxxxx> wrote:
2012/3/2 Armando Vázquez <avr989@xxxxxxxxx>
Hi Armando,
There is a way you can do it through the Wireshark GUI. Go to preferences
-> protocols -> DLT_User. Here click on edit and add your protocol
on any of the User DLTs (147 - 162). But make sure that the pcap
file you are using must have defined the same DLT value in its
global header.
Hope this helps.
Thanks,
Ashish
Hi guys,
I've read the developers guide, README.developer, wiretap plugin
wiki and found no answer. Here is my problem. I'm trying to use
Wireshark for dissecting a pcap capture of a protocol that is
not currently defined in wireshark. So I started writing a
plugin, but I haven't been able to declare or register this
dissector so it is enabled as a link layer dissector. I need to
achieve this because this is not an internet protocol, so I need
to identify it in this layer.
I've already read this dev-topic
(http://www.mail-archive.com/wireshark-dev@xxxxxxxxxxxxx/msg05931.html)
but I didn't understand it well.
The dissection part works fine, I've tested it using a pcap and
nesting it on top of TCP. I would really appreciate your help.
Also I've added in wtap.h
#define WTAP_ENCAP_MYPROTOCOL 147
and in wtap.c
static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },
/* WTAP_ENCAP_MYPROTOCOL*/
{ "MY PROTOCOL", "myprotocol" }
};
Here are the register and handoff sections of my code
----------------------------------------------------------------------------------
void proto_register_myprotocol (void)
{
    ...
    myprotocol_dissector_table =
        register_dissector_table("myprotocol.proto", "ACN protocol number", FT_UINT8, BASE_HEX);
    proto_register_field_array (proto_myprotocol, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol, proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
    /* Registering this on top of TCP was only to develop the dissection part,
       this won't be present in the release version */
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe
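
Added example, not part of the original thread or of Wireshark's code: a small C check for the advice above that the capture's global header must carry the same DLT value as the User DLT entry (147 - 162). It assumes a classic pcap file (not pcapng); the function names and the two sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_HDR_LEN   24
#define DLT_USER_FIRST 147 /* User DLT range quoted in the thread */
#define DLT_USER_LAST  162

/* Read a 32-bit field in the byte order the capture was written in. */
static uint32_t rd32(const unsigned char *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Store the header's link type and return 0, or return -1 if the buffer
 * is too short or does not start with a classic pcap magic number. */
int pcap_linktype(const unsigned char *hdr, size_t len, uint32_t *linktype)
{
    if (hdr == NULL || linktype == NULL || len < PCAP_HDR_LEN)
        return -1;
    uint32_t magic = rd32(hdr, 1);
    int big_endian;
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)      /* usec / nsec, big-endian */
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) /* same, little-endian */
        big_endian = 0;
    else
        return -1;
    *linktype = rd32(hdr + 20, big_endian); /* "network" field at offset 20 */
    return 0;
}

int is_user_dlt(uint32_t lt) { return lt >= DLT_USER_FIRST && lt <= DLT_USER_LAST; }

/* Constructed sample headers: little-endian file with link type 147,
 * big-endian file with link type 1 (Ethernet). */
const unsigned char sample_user_le[PCAP_HDR_LEN] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 0x93,0,0,0 };
const unsigned char sample_ether_be[PCAP_HDR_LEN] = {
    0xa1,0xb2,0xc3,0xd4, 0,2, 0,4, 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 0,0,0,1 };

int main(void)
{
    uint32_t lt;
    if (pcap_linktype(sample_user_le, sizeof sample_user_le, &lt) == 0)
        printf("link type %u, user DLT: %s\n", (unsigned)lt, is_user_dlt(lt) ? "yes" : "no");
    return 0;
}
```

Feeding it the first 24 bytes of the capture shows whether the file will be routed to the DLT_User entry at all, before any dissector registration is debugged.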