Wireshark-dev: Re: [Wireshark-dev] Dissector over Ethernet

From: Sebastien Tandel <sebastien@xxxxxxxxx>
Date: Tue, 03 Apr 2007 22:32:36 +0200

Hi,


   Depending of your dissector complexity, you may even consider
ptvcursor API (see README.developer)
packet-homeplug.c is an example of the use of ptvcursor which is also
working on top of ethernet.

If you intend to use proto_tree_* functions, please use
proto_tree_add_item instead of proto_tree_add_[uint|string|...] whenever
possible.


Regards,
Sebastien Tandel

CANDIA, Fabrice wrote:
> Thanks Abhik, ARP dissector is exactly what I need !
>
>
> -----Message d'origine-----
> De : wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx]De la part de Abhik Sarkar
> Envoyé : mardi 3 avril 2007 14:03
> À : Developer support list for Wireshark
> Objet : Re: [Wireshark-dev] Dissector over Ethernet
>
>
> Hi Fabrice,
>
> How about the ARP (packet-arp.c) dissector? One of the protocols ARP
> runs directly on is Ethernet. That should give you some ideas.
>
> Maybe packet-llc.c too.
>
> Hope this helps,
> Abhik.
>
> On 4/3/07, CANDIA, Fabrice <fabrice.candia@xxxxxxxxxx> wrote:
>   
>> Hi all,
>>
>> I am looking for a dissector able to decode a specific protocol directly over Ethernet (no IP header).
>> The dissector shall be able to decode the protocol by detecting the MAC destination and one field in the payload.
>> I am totally newbie in "wireshark dissection".
>>
>> Could somebody send me one example of a such type of dissector ?
>>
>> I tried to start from the foo example described in the developper's guide but I am not sure this example is adapted to my needs (dissector over Ethernet).
>>
>> Sincerely,
>>
>> Fabrice
>>
>>
>> This e-mail is intended only for the above addressee. It may contain privileged information.
>> If you are not the addressee you must not copy, distribute, disclose or use any of the information in it.
>> If you have received it in error please delete it and immediately notify the sender.
>> Security Notice: all e-mail, sent to or from this address, may be accessed by someone other than the recipient, for system management and security reasons. This access is controlled under Regulation of security reasons.
>> This access is controlled under Regulation of Investigatory Powers Act 2000, Lawful Business Practises.
>>
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>>
>>     
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
> This mail has originated outside your organization, either from an external partner or the Global Internet.
> Keep this in mind if you answer this message.
>
>
>
> This e-mail is intended only for the above addressee. It may contain privileged information.
> If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. 
> If you have received it in error please delete it and immediately notify the sender.
> Security Notice: all e-mail, sent to or from this address, may be accessed by someone other than the recipient, for system management and security reasons. This access is controlled under Regulation of security reasons.
> This access is controlled under Regulation of Investigatory Powers Act 2000, Lawful Business Practises.
>
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>