Wireshark-dev: Re: [Wireshark-dev] Dissecting a specific layer (the application layer)
From: "Gilbert Ramirez" <[email protected]>
Date: Wed, 30 Aug 2006 09:07:54 -0500
You have a new link-layer, the HTTP-request link-layer. You'd have to
support that in wiretap, so that wiretap can pass wireshark this data.

Then set things up so that the frame dissector in packet-frame.c calls
your http_request dissector when the HTTP-request link-layer is seen.

I suspect you'll also need a new file format, or at least a modified
one, to be supported in wiretap.


On 8/30/06, Michael <[email protected]> wrote:

For a project, I need to be able to dissect an application stream, of
say, http. So I have e.g. the http-request (*not* the headers of the
underlying protocols), and I would like to be able to dissect this
request into a tree (which I imagine the dissect_http function would
create). This requires a different entry in the dissection mechanism
(different than providing a fully headered packet using a capture file
as is normally done).

I can imagine this has been done before, but I can't find it. If not, would
this be possible in your opinion? Or can someone give me a hint how to
start? The problem is that the complexity of (t)ethereal/wireshark makes
it difficult to know where to start. Maybe a very simple example of a
program which dissects a packet (then I could be able to find out how to
hack it into my preference). Tethereal is already quite complex for me...
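
An added example, not part of either message and not Wireshark code: one way to get a "modified file format" for header-less application data is a standard pcap file whose link-layer type is one of the user-reserved values, so that each record holds only the HTTP request bytes. The choice of link type 147 (LINKTYPE_USER0) as a stand-in for the "HTTP-request link-layer", the function names and the sample request are assumptions made for this sketch.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_USER0 = 147      # reserved for private use; assumed stand-in link-layer
SNAPLEN = 65535
GLOBAL_HDR = "<IHHiIII"   # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "<IIII"      # ts_sec, ts_usec, incl_len, orig_len

# Constructed sample input: a bare HTTP request with no Ethernet/IP/TCP headers.
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

def build_pcap(payloads, linktype=LINKTYPE_USER0, start_sec=0):
    """Wrap each payload in one pcap record; the payload is the entire 'frame'."""
    out = bytearray(struct.pack(GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    for i, data in enumerate(payloads):
        captured = data[:SNAPLEN]  # honour the snapshot length like a capture would
        out += struct.pack(RECORD_HDR, start_sec + i, 0, len(captured), len(data))
        out += captured
    return bytes(out)

def parse_pcap(blob):
    """Read the file back and return (linktype, [payload, ...]), rejecting bad lengths."""
    if len(blob) < struct.calcsize(GLOBAL_HDR):
        raise ValueError("truncated global header")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from(GLOBAL_HDR, blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    offset, records = struct.calcsize(GLOBAL_HDR), []
    while offset < len(blob):
        if offset + 16 > len(blob):
            raise ValueError("truncated record header")
        _sec, _usec, incl_len, _orig = struct.unpack_from(RECORD_HDR, blob, offset)
        offset += 16
        if incl_len > snaplen or offset + incl_len > len(blob):
            raise ValueError("record length exceeds snaplen or file size")
        records.append(blob[offset:offset + incl_len])
        offset += incl_len
    return linktype, records

if __name__ == "__main__":
    with open("http_request.pcap", "wb") as fh:   # hypothetical output file name
        fh.write(build_pcap([SAMPLE_REQUEST]))
    print(parse_pcap(build_pcap([SAMPLE_REQUEST])))
```

In current Wireshark releases the DLT_USER protocol preference can map link type 147 to the `http` dissector as the payload dissector, which gives the request tree without touching wiretap or packet-frame.c.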
