bujecas@xxxxxx wrote:
I know that the tvb_get_guint8 return a byte from the tvbuffer, but I
can't understand the meaning of the hexadecimal numbers. It's
something like a pattern or what?
Yes, a pattern - the classic 0xDEADBEEF (a popular pattern, mainly
because in hex it's two English words). Apparently, at least as I infer
from the code in the dissector, "Secure Network Services" data starts
with a "magic number" of 0xDEADBEEF, perhaps so that the data can be
recognized as "Secure Network Services" data.
I would like to develop dissectors to new protocols, and I have no
> clue in how to get the right quantify of bytes from the tvbuffer.
That code is probably not the best place to look for such a clue, as
it's somewhat specialized, and most dissectors won't be doing that
(except for heuristic dissectors, which might do checks similar to that
if the packets they're looking for start with a magic number - but, even
then, most code in the dissector won't look like that).
The way you get the right quantity of bytes depends on the type of data
you're fetching. For example, integral values would usually be fetched
with "tvb_get_guint8()" if it's 1 byte, "tvb_get_ntohs()" or
"tvb_get_letohs()" if it's 2 bytes, "tvb_get_ntohl()" or
"tvb_get_letohl()" if it's 4 bytes, "tvb_get_ntoh24()" or
"tvb_get_letoh24()" if it's 3 bytes, and "tvb_get_ntoh64()" or
"tvb_get_letoh64()" if it's 8 bytes. (You'd have to write your own code
to fetch integral values of other sizes.)
