Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: [Wireshark-dev] Modifying the ETH dissector
From: yvanmmailbox-web@xxxxxxxx
Date: Mon, 6 Apr 2009 10:15:17 +0000 (GMT)
Hi all,
I'm beginner in Wireshark plugin development.
As Valentin said in a previous mail (http://www.wireshark.org/lists/wireshark-dev/200803/msg00285.html), I also need to develop an AFDX plugin. I am interested in the solution explained in this URL, to add a heuristic dissector, but I have some questions:
Does using a heuristic dissector suppose I don't need to modify the ETH dissector, and only create my own one as a plugin? In this case, where do I add the line "heur_dissector_add(“eth”, dissect_afdx, proto_afdx);" ?=> Does the structure of my plugin change with this kind of call?
How can I fetch the MAC address from data inside the ETH, to scan it?
May I reuse the ETH packet analysis (length, type of protocol encapsulated, trailer...) automatically?
What must I do in my plugin in order to use the IP plugin after? (i.e. I wish to have frame:afdx:ip:udp:other)
Thanks a lot for your answers!
Yvan
I'm beginner in Wireshark plugin development.
As Valentin said in a previous mail (http://www.wireshark.org/lists/wireshark-dev/200803/msg00285.html), I also need to develop an AFDX plugin. I am interested in the solution explained in this URL, to add a heuristic dissector, but I have some questions:
Does using a heuristic dissector suppose I don't need to modify the ETH dissector, and only create my own one as a plugin? In this case, where do I add the line "heur_dissector_add(“eth”, dissect_afdx, proto_afdx);" ?=> Does the structure of my plugin change with this kind of call?
How can I fetch the MAC address from data inside the ETH, to scan it?
May I reuse the ETH packet analysis (length, type of protocol encapsulated, trailer...) automatically?
What must I do in my plugin in order to use the IP plugin after? (i.e. I wish to have frame:afdx:ip:udp:other)
Thanks a lot for your answers!
Yvan
- Follow-Ups:
- Re: [Wireshark-dev] Modifying the ETH dissector
- From: Maynard, Chris
- Re: [Wireshark-dev] Modifying the ETH dissector
- Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-7.10-x86-64
- Next by Date: Re: [Wireshark-dev] slow startup caused by splash_update?
- Previous by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 27959: /trunk/epan/ /trunk/epan/dissectors/: packet-wcp.c packet-x11.c /trunk/epan/: tvbuff.c tvbuff.h
- Next by thread: Re: [Wireshark-dev] Modifying the ETH dissector
- Index(es):