Wireshark · Ethereal-dev: [Ethereal-dev] Signature based dessector

Ethereal-dev: [Ethereal-dev] Signature based dessector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Stas Khirman" <staskh@xxxxxxxxxxx>

Date: Mon, 19 Apr 2004 01:12:08 -0700

Hi,

I'm about to write a dissector for protocol with unpredictable port
binding. The good news is that protocol has a distinctive signature in
the first data packet. I hear that Ethereal has support for such kind of
dissectors, but I didn't find anything in the documentation ( sorry for
bothering mailing list if this issue already described somewhere).

I'll appreciate any help on following:

1.) How can I define a dissector for "signature-based" protocol ? What
is a special issues I have to pay attention?
2.) What is an order of packet-to-dissector assignment in the Ethereal
core? What source file is recommended to review?
3.) Can you please point me to some existing dissector dealing with
non-port-binded protocols?


Regards
Stas

Follow-Ups:
- Re: [Ethereal-dev] Signature based dessector
  - From: Ober Heim

Prev by Date: [Ethereal-dev] Patch to packet-ftam.c
Next by Date: RE: [Ethereal-dev] Compiling packet-rtps using VC7
Previous by thread: Re: [Ethereal-dev] Patch to packet-ftam.c
Next by thread: Re: [Ethereal-dev] Signature based dessector
Index(es):
- Date
- Thread