Wireshark · Ethereal-dev: Re: [Ethereal-dev] Discovery of an UDP protocol dissector

Ethereal-dev: Re: [Ethereal-dev] Discovery of an UDP protocol dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Erwin Rol <mailinglists@xxxxxxxxxxxx>

Date: Mon, 09 Jan 2006 17:13:36 +0100

On Mon, 2006-01-09 at 03:23 -0600, Bill Florac wrote:
> Is there a means to have a dissector tell Ethereal that it can dissect
> a packet based on anything other than the port number?  If a protocol
> uses multiple ports how can I make so a user does not have to right
> click on each instance and select "decode as"?
> 

Yes you have some possibilities, one is when the protocol has a port
number embedded in a network packet, you can dissect that setup packet
and dynamically register that newly found port number for the protocol.
Another solution is to look at the content of the network packet and try
to figure out if that packet is a packet with the wanted protocol (for
example by seeing a magic number at the right place in combination with
a correct checksum or what ever the protocol has for recognizable
fields.) For information on that last way look in the
epan/dissectors/packet-rtp.c for heur_dissector_add, that shows how it
works. 

More information can also be found in the doc directory especially
README.developer. 

- Erwin

-- 
      Erwin Rol Software Engineering - http://www.erwinrol.com/
tel: +49-(0)8024-479378 gsm: +49-(0)171-6929198 email: info@xxxxxxxxxxxx

References:
- [Ethereal-dev] Discovery of an UDP protocol dissector
  - From: Bill Florac

Prev by Date: RE: [Ethereal-dev] Multiple/Recursive PDUs
Next by Date: RE: [Ethereal-dev] Multiple/Recursive PDUs
Previous by thread: [Ethereal-dev] Discovery of an UDP protocol dissector
Next by thread: RE: [Ethereal-dev] Discovery of an UDP protocol dissector
Index(es):
- Date
- Thread