You have a new link-layer, the HTTP-request link-layer. You'd have to
support that in wiretap, so that wiretap can pass wireshark this data.
Then set things up so that the frame dissector in packet-frame.c calls
your http_request dissector when the HTTP-request link-layer is seen.
I suspect you'll also need a new file format, or at least a modified
one, to be supported in wiretap.
--gilbert
On 8/30/06, Michael <michael@xxxxxxxxxxxx> wrote:
Hi,
For a project, I need to be able to dissect an application stream, of
say, http. So I have e.g. the http-request (*not* the headers of the
underlying protocols), and I would like to be able to dissect this
request into a tree (which I imagine the dissect_http function would
create). This requires a different entry in the dissection mechanism
(different than providing a fully headered packet using a capture file
as is normally done).
I can imagine this is done before, but I can't find it. If not, would
this be possible in your opinion? Or can someone give me a hint how to
start. The problem is that the complexity of (t)ethereal/wireshark makes
it difficult to now where to start. Maybe a very simple example of a
program which dissects a packet (then i could be able to find out how to
hack it into my preference). Tethereal is already quite complex for me...
Michael
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
