Wireshark-dev: Re: [Wireshark-dev] Use ethereal as a proprietary protocol parser; no ethernet/I

From: "Hal Lander" <hal_lander@xxxxxxxxxxx>
Date: Wed, 31 Jan 2007 00:42:33 -0900
Hi Tom,

I am just starting to learn how to use Wireshark myself (it used to be Ethereal), messing about with a protocol sent within TCP.

You should probably start by downloading Wireshark and running it on your network to see what it does. It will capture and decode the TCP which it knows about, but will not understand your proprietary protocol - though you will see the bytes. If you write a new dissector plugin for your protocol, Wireshark will then be able to decode it as well as the TCP.

One problem will be that you seem to be wanting to run from log files, which are probably not in a format that Wireshark can read.

So, yes I would use Wireshark but I would try and capture the network data using packages that already exist and which save a format that Wireshark can already read.

Hal


From: Tom McLaughlin <tmcl98@xxxxxxxxx>
Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Use ethereal as a proprietary protocol parser; no ethernet/IP decoding
Date: Tue, 30 Jan 2007 15:09:09 -0800 (PST)

Hello,
I work for a company that builds proprietary communication systems for the utility industry. We have a proprietary communication protocol that can be wrapped in several standard protocols. I would like to build a log parser that looks like Ethereal for our protocol if possible. This would not be a new dissector from what I understand for other protocols wrapped in Ethernet or IP.

Basically, get Ethereal to read in a file with a bunch of hex strings, somewhere define what the fields are, and use the Ethereal gui.

Possible?  Thoughts?

Or would it be better to just start from scratch?

Tom
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
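
The thread turns on getting hex-string logs into a file format Wireshark can read. The sketch below is an added example, not part of the original messages or of Wireshark itself: it converts such a log into a classic pcap file with the private-use link type DLT_USER0 (147), so no Ethernet/IP header is implied. The log layout (one frame per line, `#` comments), the function names and the synthetic timestamps are assumptions.

```python
import re
import struct

DLT_USER0 = 147  # libpcap link type reserved for private use (no Ethernet/IP framing)

# Constructed sample log, not real traffic: one frame per line as hex text.
SAMPLE_LOG = [
    "# constructed sample",
    "01 02 0A FF",
    "0x10:0x20:0x30",
    "",
    "DE AD BE",
    "zz 01",  # malformed: not hex
    "ABC",    # malformed: odd number of hex digits
]

def parse_hex_line(line):
    """Return frame bytes, None for blank/comment lines; raise ValueError on bad hex."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    tokens = [t for t in re.split(r"[\s:,]+", text) if t]
    digits = "".join(t[2:] if t.lower().startswith("0x") else t for t in tokens)
    return bytes.fromhex(digits)  # ValueError on non-hex or odd length

def hex_log_to_pcap(lines, linktype=DLT_USER0, snaplen=65535):
    """Return (pcap_bytes, skipped_line_numbers) for an iterable of log lines."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    skipped, seq = [], 0
    for lineno, line in enumerate(lines, 1):
        try:
            frame = parse_hex_line(line)
        except ValueError:
            skipped.append(lineno)  # report bad lines instead of guessing their content
            continue
        if not frame:
            continue
        captured = frame[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length.
        # The log carries no timestamps here, so ts_sec is a synthetic counter.
        out += struct.pack("<IIII", seq, 0, len(captured), len(frame)) + captured
        seq += 1
    return bytes(out), skipped

if __name__ == "__main__":
    pcap, bad = hex_log_to_pcap(SAMPLE_LOG)
    with open("proprietary.pcap", "wb") as fh:  # hypothetical output file name
        fh.write(pcap)
    print(f"wrote {len(pcap)} bytes, skipped lines {bad}")
```

Wireshark opens the resulting file and shows each frame as raw bytes until a dissector for the protocol is associated with link type 147.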
