Ethereal-users: Re: [Ethereal-users] Newbie Dissector question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: linux lover <linux_lover2004@xxxxxxxxx>
Date: Fri, 8 Apr 2005 02:25:56 -0700 (PDT)
Hello,
       Thanks for helping me understand the various packets
handled by the IP protocol.
      I have one more query about the following function:

void proto_reg_handoff_ip(void)
{
        dissector_handle_t ip_handle;

        data_handle = find_dissector("data");
        ip_handle = find_dissector("ip");

        dissector_add("ethertype", ETHERTYPE_IP, ip_handle);
        dissector_add("ppp.protocol", PPP_IP, ip_handle);

So can I say, in simple words, that dissector_add is used
when Ethereal gets packets from a PPP interface or IP
packets from a NIC, and then the dissect_ip function is
used in the above case?
Please correct me.

Thanks for help.
regards,
linux_lover.

--- Guy Harris <gharris@xxxxxxxxx> wrote:
> LEGO wrote:
> 
> >>        dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
> > 
> > 
> > a different way to do IP over PPP (?)
> 
> More like "a different way of constructing a network stack", i.e.
> Microsoft's way of constructing it, in which everything above the link
> layer expects packets that look like Ethernet packets, and there's a
> "glue layer" (NDISWAN) that translates between PPP and Ethernet packets,
> and, apparently, you can, when capturing with WinPcap, see packets with
> PPP headers with Ethernet types rather than PPP types in the protocol field.
> 
> >>        dissector_add("null.type", BSD_AF_INET, ip_handle);
> > 
> > IP over .... a null socket type????
> 
> IP over BSD loopback interfaces; the DLT_ name for that is DLT_NULL.
> There's really nothing "null" about it - there's a link-layer header for
> them, containing a 4-byte BSD address family value.
> 
> >>        dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
> > 
> > IP over ????
> 
> IP over "Cisco HDLC", a pre-PPP Cisco scheme for encapsulating packets
> on a synchronous serial line.
> 
> >>        dissector_add("osinl.excl", NLPID_IP, ip_handle);
> > 
> > IP over  OSI Network Layer???
> 
> IP over the same layering scheme used for the OSI networking layer, with
> a 1-byte protocol type field.
> 
> >>  dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMP, icmp_handle);
> > 
> > 
> >>            First one is ok that ICMP packet processed
> >>IP header and then giving data part to ICMP but what
> >>is other thing wtap_encap?
> > 
> > This I really do not know, it might well be ICMP found raw in a pcap
> > file by wiretap.
> 
> Yes, it's raw ICMP in HP-UX nettl files.
> 
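
Added example (not part of the original messages and not Ethereal's code): a toy model of the dissector tables discussed in this thread, where dissector_add binds a (table name, field value) pair to a handle and each link-layer dissector looks up its own protocol field in its own table. The toy_* and next_after_* names are hypothetical, handles are reduced to strings, the frames are constructed, and the PPP field is assumed to be the uncompressed 2-byte form.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_IP 0x0800u  /* Ethernet type for IPv4 */
#define PPP_IP       0x0021u  /* PPP protocol number for IPv4 */

static struct entry { const char *table; uint32_t value; const char *handle; } tbl[8];
static size_t n_tbl;

/* Toy dissector_add(): bind (table name, field value) to a dissector handle. */
static void toy_dissector_add(const char *table, uint32_t value, const char *handle) {
    if (n_tbl < 8) tbl[n_tbl++] = (struct entry){ table, value, handle };
}

/* The lookup a lower-layer dissector performs with its own protocol field. */
static const char *toy_lookup(const char *table, uint32_t value) {
    for (size_t i = 0; i < n_tbl; i++)
        if (tbl[i].value == value && strcmp(tbl[i].table, table) == 0)
            return tbl[i].handle;
    return "data";  /* nothing registered: fall back to the "data" dissector */
}

/* A subset of the registrations quoted in the thread. */
static void toy_reg_handoff_ip(void) {
    n_tbl = 0;
    toy_dissector_add("ethertype", ETHERTYPE_IP, "ip");
    toy_dissector_add("ppp.protocol", PPP_IP, "ip");
    toy_dissector_add("ppp.protocol", ETHERTYPE_IP, "ip");  /* NDISWAN-style captures */
}

/* Ethernet: the type is the big-endian 16-bit field at offset 12. */
static const char *next_after_ethernet(const uint8_t *p, size_t len) {
    if (len < 14) return "short";  /* truncated header: never read past len */
    return toy_lookup("ethertype", ((uint32_t)p[12] << 8) | p[13]);
}

/* PPP: big-endian 16-bit protocol field at the start of the buffer. */
static const char *next_after_ppp(const uint8_t *p, size_t len) {
    if (len < 2) return "short";
    return toy_lookup("ppp.protocol", ((uint32_t)p[0] << 8) | p[1]);
}

int main(void) {
    const uint8_t eth[14] = { [12] = 0x08 }, ppp[2] = { 0x00, 0x21 };  /* constructed */
    toy_reg_handoff_ip();
    printf("eth -> %s, ppp -> %s\n", next_after_ethernet(eth, 14), next_after_ppp(ppp, 2));
    return 0;
}
```

The same value can mean different things in different tables: 0x0021 selects IP only in "ppp.protocol", which is why each registration names its table.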