
Wireshark-dev: [Wireshark-dev] plug in dissector for Wireshark 0.99.3

From: Bill Fassler <bill.fassler@xxxxxxxxx>
Date: Fri, 15 Sep 2006 12:14:57 -0700 (PDT)
I am working on a proprietary VoIP protocol plugin.  I have my build environment configured and am apparently producing a usable plugin dll.  My company isolates its internal development machines from the external Internet, so what I wind up doing is building on an Internet-capable workstation in order to allow the Makefile to auto-download all it wants. Then I use a downloaded binary setup file to install Wireshark on the internal (non-Internet-capable) workstations; afterwards I port my dll from my build machine into the appropriate directory. The plugin is recognized and the traffic is passed to my dissector.

Enough of the background info, here is my issue:

The traffic is initially captured and classified as "Ethernet II" (apparently the default selection when Wireshark can't determine what kind of Ethernet traffic it is).  Although it looks like I can get my dissector to start on the packet after the byte that identifies the Ethernet type (byte 14), I don't know how to "backtrack" and overrule what the core Wireshark application has already dissected.  As you can see from this snippet, my protocol (566F) is still considered "Type: Unknown" even though it just used that information to pass the packet to my plugin.  Also there is information in the source and destination MAC addresses that I would like to dissect.

Any ideas or help would be appreciated.

Bill
VoCAL Technologies, Ltd
Amherst, NY


Frame 986 (98 bytes on wire, 98 bytes captured)
    Arrival Time: Sep 15, 2006 14:54:07.511824000
    [Time delta from previous packet: 0.000952000 seconds]
    [Time since reference or first frame: 2.450560000 seconds]
    Frame Number: 986
    Packet Length: 98 bytes
    Capture Length: 98 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:vppn]
Ethernet II, Src: IeeeRegi_33:7f:00 (00:50:c2:33:7f:00), Dst: IeeeRegi_33:7f:fc (00:50:c2:33:7f:fc)
    Destination: IeeeRegi_33:7f:fc (00:50:c2:33:7f:fc)
    Source: IeeeRegi_33:7f:00 (00:50:c2:33:7f:00)
    Type: Unknown (0x566f)
VoCAL Private Phone Network

     (.... I can dissect past this point OK it seems.....)
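The behaviour in the snippet above comes from two separate tables in the Ethernet dissector: the "ethertype" dissector table, which a plugin adds to with dissector_add("ethertype", ...) and which decides who gets the payload, and the etype_vals value_string, which only supplies the label printed in the "Type:" field and which a plugin cannot extend. The following stand-alone C program, added here as an illustration and not taken from Wireshark or from the VoCAL plugin, models both tables and runs them over a frame whose header bytes are the ones shown in the post (the 84-byte payload is constructed and zeroed). The etype_vals subset, the handler names (dissect_vppn, proto_reg_handoff_vppn) and the MAC split are assumptions: 00:50:c2 is the IEEE Registration Authority's IAB block (hence "IeeeRegi"), and an IAB is a 36-bit prefix, so only the low 12 bits of each address are the assignee's to interpret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model, not Wireshark source: (1) the "ethertype" dissector
 * table routes the payload to a registered handler; (2) etype_vals only
 * names the value in the "Type:" field.  A plugin can add to (1) but not
 * to (2), so its payload is dissected while the Type field stays Unknown. */

typedef struct { uint32_t value; const char *strptr; } value_string;

/* Constructed subset of the core etype_vals table (assumed for illustration). */
static const value_string etype_vals[] = {
    { 0x0800, "IP" }, { 0x0806, "ARP" }, { 0x86dd, "IPv6" }, { 0, NULL }
};

/* Label lookup with the same fallback format the Type field shows. */
static void etype_label(uint16_t etype, char *buf, size_t buflen)
{
    for (const value_string *vs = etype_vals; vs->strptr != NULL; vs++) {
        if (vs->value == etype) { snprintf(buf, buflen, "%s", vs->strptr); return; }
    }
    snprintf(buf, buflen, "Unknown (0x%04x)", (unsigned)etype);
}

static int label_is(uint16_t etype, const char *expect)
{
    char buf[32];
    etype_label(etype, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

/* Minimal ethertype -> handler dispatch table. */
typedef int (*dissector_t)(const uint8_t *payload, size_t len);
#define MAX_HANDLERS 16
static struct { uint16_t etype; dissector_t handler; } ethertype_table[MAX_HANDLERS];
static int n_handlers;

static void dissector_add_ethertype(uint16_t etype, dissector_t h)
{
    for (int i = 0; i < n_handlers; i++)          /* idempotent re-registration */
        if (ethertype_table[i].etype == etype) { ethertype_table[i].handler = h; return; }
    if (n_handlers < MAX_HANDLERS) {
        ethertype_table[n_handlers].etype = etype;
        ethertype_table[n_handlers].handler = h;
        n_handlers++;
    }
}

#define ETHERTYPE_VPPN 0x566f   /* type value seen in the posted frame */

/* Hypothetical payload dissector for the vppn plugin; returns bytes consumed. */
static int dissect_vppn(const uint8_t *payload, size_t len) { (void)payload; return (int)len; }

/* Plays the role of the plugin's proto_reg_handoff routine. */
static void proto_reg_handoff_vppn(void) { dissector_add_ethertype(ETHERTYPE_VPPN, dissect_vppn); }

typedef struct {
    uint8_t  dst[6], src[6];
    uint16_t etype;
    char     type_label[32];   /* what the "Type:" line would display */
    int      handled;          /* 1 if a registered handler took the payload */
} eth_result;

/* Ethernet II header: dst(6) src(6) type(2), type in network byte order. */
static int dissect_eth(const uint8_t *frame, size_t len, eth_result *out)
{
    if (len < 14) return -1;                     /* runt frame: no complete header */
    memcpy(out->dst, frame, 6);
    memcpy(out->src, frame + 6, 6);
    out->etype = (uint16_t)((frame[12] << 8) | frame[13]);
    etype_label(out->etype, out->type_label, sizeof out->type_label);
    out->handled = 0;
    for (int i = 0; i < n_handlers; i++) {
        if (ethertype_table[i].etype == out->etype) {
            out->handled = ethertype_table[i].handler(frame + 14, len - 14) >= 0;
            break;
        }
    }
    return 0;
}

/* MAC helpers: 24-bit OUI, and the low 12 bits left to an IAB assignee (assumed). */
static uint32_t mac_oui(const uint8_t *mac)
{ return ((uint32_t)mac[0] << 16) | ((uint32_t)mac[1] << 8) | mac[2]; }
static uint32_t iab_device_id(const uint8_t *mac)
{ return ((uint32_t)(mac[4] & 0x0f) << 8) | mac[5]; }

/* Constructed 98-byte frame: header values from the post, payload zeroed. */
static const uint8_t sample_frame[98] = {
    0x00, 0x50, 0xc2, 0x33, 0x7f, 0xfc,   /* dst */
    0x00, 0x50, 0xc2, 0x33, 0x7f, 0x00,   /* src */
    0x56, 0x6f                            /* type 0x566f */
};

static eth_result g_sample;
static int run_sample(void)
{
    proto_reg_handoff_vppn();
    return dissect_eth(sample_frame, sizeof sample_frame, &g_sample);
}

int main(void)
{
    if (run_sample() != 0) return 1;
    printf("Type: %s, handled: %d, src device id: 0x%03x\n", g_sample.type_label,
           g_sample.handled, (unsigned)iab_device_id(g_sample.src));
    return 0;
}
```

The run shows the split the post describes: the 0x566f handler is invoked, yet the label comes back "Unknown (0x566f)" because the name table is separate from the dispatch table. The address helpers are the kind of thing a vppn dissector could apply to the Ethernet src/dst fields it receives in pinfo, without touching what the core Ethernet dissector already put in the tree.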

