
Wireshark-dev: Re: [Wireshark-dev] Writing a new packet dissector

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Sat, 14 Oct 2006 15:38:26 +0200
Hi,
Below is an example of how to register your dissector in the media_type
dissector table:

void
proto_reg_handoff_foo(void)
{
  dissector_handle_t foo_handle;
  dissector_handle_t application_foo_handle;

  foo_handle = create_dissector_handle(dissect_foo, proto_foo);
  application_foo_handle = create_dissector_handle(dissect_application_foo, proto_foo);

  /* Register the handle in the "media_type" string table under its media type. */
  dissector_add_string("media_type", "application/isup", application_foo_handle);
}

Then you start your dissection code at:
dissect_foo()

What dissector to look at to get examples on how to proceed depends on the
protocol, TLV type or text based or whatever.

Br
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Daniel Griscom
Sent: 14 October 2006 15:02
To: Developer support list for Wireshark
Cc: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Writing a new packet dissector

At 10:46 AM +0200 10/14/06, Jaap Keuter wrote:
>Hi,
>
>Okay, here it goes: RTFM's at www.wireshark.org

Yes, I've already spent quite a while going over the user and 
developer documentation. I've also already downloaded and sniffed 
around the source. End result: little detailed enlightenment.

>Bit more to the point: What platform are you developing on? Wild guess
>Win32?

Well, I'm an OS X man by choice, but Wireshark is so much better 
integrated into Windows that I use it there.

>Then look into the Wireshark Developer Guide, which has the step by
>step guide of setting up the build environment. With all that in place
>check out doc/README.developer which contains lots of details on the
>internals.

Ah: that's the info I was looking for. Suggestion: add a pointer to 
the wireshark/doc directory to the very top of the developer's guide; 
less-experienced open-source developers (like myself) might not know 
to look there.

After a lot of grepping, I found the text-based media dissection code 
at epan/dissectors/packet-text-media.c. I'll start my work there.


Thanks,
Dan

-- 
Daniel T. Griscom             griscom@xxxxxxxxxxxx
Suitable Systems              http://www.suitable.com/
1 Centre Street, Suite 204    (781) 665-0053
Wakefield, MA  01880-2400