
Wireshark-dev: [Wireshark-dev] dissecting data portion of IP

From: "Daniel Roman" <danielson80@xxxxxxxxx>
Date: Wed, 31 Oct 2007 16:58:55 -0400
Hello:

I'm attempting to dissect my own protocol which lies under the IP protocol. Therefore it's MAC->IP->MyProtocol.
I was looking at the packet-tcp.c dissector and it does the following:

void
proto_reg_handoff_tcp(void)
{
    dissector_handle_t tcp_handle;

    tcp_handle = create_dissector_handle(dissect_tcp, proto_tcp);
    dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);
    data_handle = find_dissector("data");
    tcp_tap = register_tap("tcp");
}

I'm attempting to do the same on my own dissector but I'm not too sure on what to use for the second argument of dissector_add. (TCP dissector uses IP_PROTO_TCP)

The IP Header of my packet contains 0xC8 for the Protocol Type. Can I do dissector_add("ip.proto", 0xC8, myprotocol_handle); to instruct Wireshark to call my dissector if an IP protocol type of 0xC8 is encountered?

- Dan
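
An added example, not part of the original message and not Wireshark code: a self-contained model of a table keyed on the IPv4 Protocol field that hands the payload to whatever is registered for 0xC8. The names table_add, dispatch_ipv4 and dissect_myprotocol are hypothetical, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a dissector: receives the bytes after the IP header. */
typedef int (*dissector_fn)(const uint8_t *payload, size_t len);
/* Model of an "ip.proto"-style table: one slot per 8-bit protocol number. */
static dissector_fn ip_proto_table[256];
static void table_add(uint8_t proto, dissector_fn fn) { ip_proto_table[proto] = fn; }

/* Hypothetical dissector for protocol 0xC8: returns the payload length it was given. */
static int dissect_myprotocol(const uint8_t *payload, size_t len)
{
    (void)payload;
    return (int)len;
}

/* Returns the dissector's result, -1 for a malformed header,
 * -2 if nothing is registered for the protocol number. */
static int dispatch_ipv4(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;   /* header length, options included */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || ihl > caplen || total < ihl)
        return -1;                               /* never read past the capture */
    if (total > caplen)
        total = caplen;                          /* truncated capture: clamp */
    dissector_fn fn = ip_proto_table[pkt[9]];    /* byte 9 is the Protocol field */
    if (fn == NULL)
        return -2;
    return fn(pkt + ihl, total - ihl);
}

/* Constructed sample: IHL=6 (one 4-byte option word), total length 28,
 * protocol 0xC8, header checksum left zero (not checked here). */
static const uint8_t sample_pkt[28] = {
    0x46, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
    0x40, 0xC8, 0x00, 0x00, 10, 0, 0, 1,
    10, 0, 0, 2, 0x01, 0x01, 0x01, 0x00,   /* options: NOP NOP NOP EOL */
    0xDE, 0xAD, 0xBE, 0xEF                 /* MyProtocol payload */
};

static int run_sample(void)
{
    table_add(0xC8, dissect_myprotocol);
    return dispatch_ipv4(sample_pkt, sizeof sample_pkt);
}

int main(void) { return run_sample() == 4 ? 0 : 1; }
```

The payload starts at IHL*4 rather than at a fixed offset of 20, so a packet carrying IP options still reaches the registered handler with only its own bytes.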