
Ethereal-users: Re: [Ethereal-users] Re: Newbie Dissector question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: linux lover <linux_lover2004@xxxxxxxxx>
Date: Fri, 8 Apr 2005 05:04:10 -0700 (PDT)
Hello,
--- ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> Correct.
> 
> The dissector_add() lines register the ip dissector for those
> transports which transport ip.
> It just registers dissect_ip() in some external dissector tables.
> 
> Look inside packet-eth.c you will see the dissector table for things
> running on top of ethernet and see something like
> dissector_try_port() that will call the dissector registered in that
> table.

I checked that one. I found it in packet-ethernet.c.
OK, so the following function is used to search the dissector
table for the packet's handoff to the next protocol.

dissector_found = dissector_try_port(ethertype_dissector_table,
		    etype, next_tvb, pinfo, tree);

Then why is the following used in packet-eth.c?

fw1_handle = find_dissector("fw1");

Does it not also find the next dissector routine
to handle the packet?
regards,
linux_lover.


> On Fri, 8 Apr 2005 02:25:56 -0700 (PDT), linux lover
> <linux_lover2004@xxxxxxxxx> wrote:
> > hello,
> > Thanks for understanding me the various packets
> > handled by ip protocol.
> > I have one more query in following function
> > void proto_reg_handoff_ip(void)
> > {
> >         dissector_handle_t ip_handle;
> > 
> >         data_handle = find_dissector("data");
> >         ip_handle = find_dissector("ip");
> > 
> >         dissector_add("ethertype", ETHERTYPE_IP, ip_handle);
> >         dissector_add("ppp.protocol", PPP_IP, ip_handle);
> > So can I say in simple words that
> > dissector_add is used when ethereal got packets from
> > ppp interface or IP packets from NIC, then use
> > dissect_ip function in above case.
> > Please correct me.
> > 
> > Thanks for help.
> > regards,
> > linux_lover.
> > 
> > --- Guy Harris <gharris@xxxxxxxxx> wrote:
> > > LEGO wrote:
> > > 
> > > >>        dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
> > > > 
> > > > a different way to do IP over PPP (?)
> > > 
> > > More like "a different way of constructing a network stack", i.e.
> > > Microsoft's way of constructing it, in which everything above the link
> > > layer expects packets that look like Ethernet packets, and there's a
> > > "glue layer" (NDISWAN) that translates between PPP and Ethernet packets,
> > > and, apparently, you can, when capturing with WinPcap, see packets with
> > > PPP headers with Ethernet types rather than PPP types in the protocol field.
> > > 
> > > >>        dissector_add("null.type", BSD_AF_INET, ip_handle);
> > > > 
> > > > IP over .... a null socket type????
> > > 
> > > IP over BSD loopback interfaces; the DLT_ name for that is DLT_NULL.
> > > There's really nothing "null" about it - there's a link-layer header for
> > > them, containing a 4-byte BSD address family value.
> > > 
> > > >>        dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
> > > > 
> > > > IP over ????
> > > 
> > > IP over "Cisco HDLC", a pre-PPP Cisco scheme for encapsulating packets
> > > on a synchronous serial line.
> > > 
> > > >>        dissector_add("osinl.excl", NLPID_IP, ip_handle);
> > > > 
> > > > IP over  OSI Network Layer???
> > > 
> > > IP over the same layering scheme used for the OSI networking layer, with
> > > a 1-byte protocol type field.
> > > 
> > > >>  dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMP, icmp_handle);
> > > > 
> > > >>            First one is ok that ICMP packet processed
> > > >>IP header and then giving data part to ICMP but what
> > > >>is other thing wtap_encap?
> > > > 
> > > > This I really do not know, it might well be ICMP found raw in a pcap
> > > > file by wiretap.
> > > 
> > > Yes, it's raw ICMP in HP-UX nettl files.
> > > 
> > > _______________________________________________
> > > Ethereal-users mailing list
> > > Ethereal-users@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-users
> > > 
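
Added example, not part of the original thread and not Ethereal source: a toy C model of the two lookups discussed above, a handle found by name and a table consulted with a value read from the packet. Every toy_* name, the table size and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, NOT Ethereal source: every toy_* name is hypothetical. */
typedef int (*toy_fn)(const unsigned char *data, size_t len);
typedef struct { const char *name; toy_fn fn; } toy_handle;
typedef struct { unsigned value; const toy_handle *handle; } toy_entry;

static int toy_dissect_ip(const unsigned char *d, size_t n)   { (void)d; (void)n; return 1; }
static int toy_dissect_data(const unsigned char *d, size_t n) { (void)d; (void)n; return 2; }

/* Registry keyed by NAME: what a find_dissector()-style call searches. */
static const toy_handle toy_registry[] = { {"ip", toy_dissect_ip}, {"data", toy_dissect_data} };
/* Table keyed by VALUE (here the Ethernet type field). */
static toy_entry toy_ethertype_table[8];
static size_t toy_ethertype_count;

const toy_handle *toy_find_dissector(const char *name) {
    for (size_t i = 0; i < sizeof toy_registry / sizeof toy_registry[0]; i++)
        if (strcmp(toy_registry[i].name, name) == 0) return &toy_registry[i];
    return NULL;                        /* unknown name: caller must check */
}
int toy_dissector_add(unsigned value, const toy_handle *h) {
    if (h == NULL || toy_ethertype_count == 8) return 0;
    toy_ethertype_table[toy_ethertype_count++] = (toy_entry){ value, h };
    return 1;
}
/* Calls the handle registered for `value`; returns 0 when none is registered. */
int toy_dissector_try_port(unsigned value, const unsigned char *d, size_t n) {
    for (size_t i = 0; i < toy_ethertype_count; i++)
        if (toy_ethertype_table[i].value == value) return toy_ethertype_table[i].handle->fn(d, n);
    return 0;
}
/* Handoff step: look the handle up by name once, then file it under a value. */
int toy_handoff_ip(void) { return toy_dissector_add(0x0800, toy_find_dissector("ip")); }

/* Ethernet-style caller: the value read from the packet selects the next dissector. */
int toy_dissect_eth(const unsigned char *frame, size_t len) {
    if (len < 14) return -1;            /* truncated header: never read past the buffer */
    unsigned etype = ((unsigned)frame[12] << 8) | frame[13];
    int r = toy_dissector_try_port(etype, frame + 14, len - 14);
    if (r == 0) r = toy_find_dissector("data")->fn(frame + 14, len - 14);
    return r;
}

int main(void) {
    unsigned char frame[16] = { [12] = 0x08, [13] = 0x00 };   /* constructed sample */
    printf("before handoff: %d\n", toy_dissect_eth(frame, sizeof frame));
    toy_handoff_ip();
    printf("after handoff:  %d\n", toy_dissect_eth(frame, sizeof frame));
    return 0;
}
```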