Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: [Wireshark-dev] Dissector for User Protocol
From: Lukas Haas <luhaas@xxxxxxxxxx>
Date: Fri, 07 Nov 2008 15:25:28 +0100
i have implemented a sniffer in an fpga that captures the data packets on a RS-485 token network, packs them into ethernet packets, and sends them to a workstation. my idea now is to write a plugin for wireshark that analyzes these packets. i have already downloaded c++ compiler, wireshark source code, and anything else (like explained in the developer guide) and managed to build wireshark. but i'm struggling with my own dissector and need someones help.
according to chapter 9.2 (Adding a basic dissector) in this guide or chapter 1.2 (Skeleton code) in the README file, the dissector has to be associated with some parent subfield (in the example this is "udp.port"). i'm sending raw ethernet packets (no TCP/IP or UDP protocol ant therefore no ports), so how do i have to use the dissector_add() function? i couldn't find a manual to all these functions and hope that someone has experience in writing a plugin for a "user protocol"
thanks for the help lukas p.s. maybe it helps to give you my ethernet frame format: 6 bytes dest. address 6 bytes source address 2 bytes length 19 bytes data 27 bytes 0x00 (so that the ethernet frame is large enough) 4 bytes FCS
- Follow-Ups:
- Re: [Wireshark-dev] Dissector for User Protocol
- From: Németh Márton
- Re: [Wireshark-dev] Dissector for User Protocol
- From: Guy Harris
- Re: [Wireshark-dev] Dissector for User Protocol
- Prev by Date: Re: [Wireshark-dev] Creating installer to install WS with my plugin
- Next by Date: Re: [Wireshark-dev] 'OPENFILENAME_SIZE_VERSION_400' : undeclaredidentifier
- Previous by thread: Re: [Wireshark-dev] 'OPENFILENAME_SIZE_VERSION_400' : undeclared identifier
- Next by thread: Re: [Wireshark-dev] Dissector for User Protocol
- Index(es):