Wireshark-dev: Re: [Wireshark-dev] calling a dissector for a specific mac address



From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Wed, 02 Jul 2008 09:29:10 +0100

Richard Kümmel wrote:
> Hi,
> I am writing a dissector for a device of ours that adds a header before the actual Ethernet header. The header is recognized by looking at the first 6 bytes. If the first 6 bytes are 01 01 05 10 00 00 (a multicast address of ours, that is only used for this purpose), the frame is an esl frame.

Why not use the ethernet type field for this? It seems to fly somewhat in the face of convention to have to interpret ethernet packets differently depending on their destination address.

> The only way I managed to handle this is by checking the address in dissect_eth_common and then calling the dissector directly.

...

> Is there a different and better way to do this? If not, is it OK to add code like this
> to the sources of Wireshark?

If this is really the only way to recognise these packets, it would be better to add a heuristic subdissector - see packet-hilscher.c for an example. Though, as the Cisco comment implies, I think your protocol design is hideous.
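
The heuristic-subdissector approach suggested in the reply above, sketched as a Wireshark Lua script. This is an added example, not code from the thread or from packet-hilscher.c. Only the 6-byte marker comes from the thread; the protocol name `esl_example`, the field names and `HEADER_LEN` are hypothetical.

```lua
-- Added example: heuristic dissector on the "eth" heuristic list.
-- Assumptions: "esl_example", its fields and HEADER_LEN are hypothetical;
-- the thread gives only the 6-byte marker, not the header layout or size.
local esl = Proto("esl_example", "ESL pre-header (example)")
local f_marker = ProtoField.bytes("esl_example.marker", "Marker")
local f_rest   = ProtoField.bytes("esl_example.rest", "Remaining header bytes")
esl.fields = { f_marker, f_rest }

local MARKER     = ByteArray.new("01 01 05 10 00 00")
local MARKER_LEN = 6
local HEADER_LEN = 16  -- hypothetical header size

local eth = Dissector.get("eth_withoutfcs")

local function esl_heur(tvb, pinfo, tree)
    -- Reject cheaply and never read past the captured bytes
    -- (frames can be truncated by the capture snaplen).
    if tvb:captured_len() < MARKER_LEN then return false end
    if tvb(0, MARKER_LEN):bytes() ~= MARKER then return false end

    pinfo.cols.protocol = "ESL"
    local hdr_len = math.min(HEADER_LEN, tvb:captured_len())
    local sub = tree:add(esl, tvb(0, hdr_len))
    sub:add(f_marker, tvb(0, MARKER_LEN))
    if hdr_len > MARKER_LEN then
        sub:add(f_rest, tvb(MARKER_LEN, hdr_len - MARKER_LEN))
    end

    -- Hand the encapsulated frame back to the normal Ethernet dissector.
    if tvb:captured_len() > HEADER_LEN then
        eth:call(tvb(HEADER_LEN):tvb(), pinfo, tree)
    end
    return true  -- frame claimed; Ethernet dissection of the outer frame stops
end

-- Returning false above lets every other frame be dissected as plain Ethernet.
esl:register_heuristic("eth", esl_heur)
```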

