
Ethereal-dev: Re: [Ethereal-dev] How to specify dissector handoff

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 29 Aug 2003 12:05:17 -0700

On Thursday, August 28, 2003, at 8:46 AM, Michael Brailsford wrote:

> I am currently writing a packet dissector to analyze the networking
> traffic that we are generating in our application.  We send the packets
> on a closed network (without outside access) and we send them directly
> in an ethernet packet.  I can't figure out what to specify as the
> handoff point between the ethernet dissector and mine.  I see a lot of
> "dissector_add("ethertype", ...)".  But that will handoff only based on
> the type field in the ethernet spec.  The handoff should occur on every
> single ethernet packet that is on the network.  How would I do that?

There isn't a mechanism to do that, because that's not standard use of Ethernet - we can't anticipate everything somebody might do, so people doing non-standard networking things might find that Ethereal doesn't provide a mechanism into which to plug in a dissector for the stuff they're doing.

However, there is one other place where that sort of non-standard use of Ethernet is supported - some piece of Cisco hardware for cable modem support can send DOCSIS packets over an Ethernet, encapsulated inside Ethernet framing, but with a DOCSIS packet rather than an Ethernet packet inside that framing, i.e. there is *not* an Ethernet header on the packets; they're just using the Ethernet as a bit pipe for sending frames of data, they're not using it as an Ethernet.

If that's what you're doing as well, we might want to provide a general mechanism for doing that. When you say "directly in an Ethernet packet", do you mean you're sending your packets as payload inside Ethernet packets with a 14-byte Ethernet header (in which case you could just choose an Ethernet type for that), or do you mean you're using the Ethernet as Cisco are, i.e. as a bit pipe for frames of data, with the frame *not* containing an Ethernet header?
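
Added example, not part of the original message and not Ethereal code: a stand-alone C model of the ethertype-keyed handoff discussed above, for the case where the application data follows a normal 14-byte Ethernet header. It assumes the application picks the IEEE 802 Local Experimental Ethertype 0x88B5; all function and table names are hypothetical, and the frames are constructed.

```c
/* Stand-alone model of ethertype-keyed handoff. It does not use Ethereal's
 * API; every name below is hypothetical and the frames are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN 14             /* dst MAC (6) + src MAC (6) + type (2) */
#define ETHERTYPE_MIN 0x0600       /* smaller values are 802.3 lengths */
#define ETHERTYPE_LOCAL_EXP 0x88B5 /* IEEE 802 Local Experimental Ethertype 1 */

typedef int (*dissector_fn)(const uint8_t *payload, size_t len);
struct handoff { uint16_t ethertype; dissector_fn fn; };

/* Hypothetical application dissector: reports the first payload byte. */
static int dissect_myapp(const uint8_t *payload, size_t len)
{
    return len > 0 ? payload[0] : -1;
}

static const struct handoff handoff_table[] = {
    { ETHERTYPE_LOCAL_EXP, dissect_myapp },
};

/* Returns the sub-dissector's result, or -1 (truncated header or empty
 * payload), -2 (not an Ethernet type), -3 (no dissector registered). */
int dissect_frame(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN)
        return -1;
    uint16_t type = (uint16_t)((frame[12] << 8) | frame[13]);
    if (type < ETHERTYPE_MIN)
        return -2;
    for (size_t i = 0; i < sizeof handoff_table / sizeof handoff_table[0]; i++)
        if (handoff_table[i].ethertype == type)
            return handoff_table[i].fn(frame + ETH_HDR_LEN, len - ETH_HDR_LEN);
    return -3;
}

/* Constructed frames: 14-byte header with the experimental type, then payload;
 * the same header carrying IPv4 (0x0800), for which nothing is registered. */
const uint8_t app_frame[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x88,0xB5, 0x07,0x01 };
const uint8_t ip_frame[]  = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00, 0x45,0x00 };

int main(void)
{
    printf("app frame -> %d\n", dissect_frame(app_frame, sizeof app_frame));
    printf("ip frame  -> %d\n", dissect_frame(ip_frame, sizeof ip_frame));
    printf("truncated -> %d\n", dissect_frame(app_frame, 10));
    return 0;
}
```

A frame sent with no Ethernet header at all (the "bit pipe" case) would have arbitrary bytes at offsets 12 and 13, so a type-keyed table like this one cannot route it reliably.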