Unfortunately, I don't think Wireshark can't quite do what
you want.
I am assuming that you have the protocol
stack:
Ethernet -> maps to next layer by "Ethertype"
field
IP -> maps to next layer by "Protocol"
field
UDP -> maps to next layer by "Port"
field
<your protocol>
As Sebastien said, the UDP dissector can only direct to the
next layer by port, not by the IP address. You can achieve some of the effect
you want by running wireshark with a filter based on IP address, then have your
new dissector registered for the correct UDP port.
If I've misunderstood the code I'd be grateful to be
corrected - I've been looking at this because we have a similar set of
requirements. It looks to me as if I would have to make some non-trivial
changes to the IP, UDP and TCP dissectors to be able to choose dissectors based
on more complex filters (not to mention having to make extensions to
the UI). I might have the time to do this, but would have to tread carefully to
avoid breaking this (rather central) functionality, and anything I do won't be
available for a couple of months.
Cheers
Doug
Hi our requirement is as follows:
The packets are sent from the application to a particular
multicast ip address.
Now we want ethereal to capture these packets from the network.
So as I have observed for the implemnation of a protocol, a dissector
has to be registered with a port. But I really dont know how they are
getting the packets capturing at the ip layer. I mean I dont know how ethereal
recognizes the ip address on which it has to capture the ip
packets. Pleaseb any one tell me how this can be done. Besos we are
supposed to implement our protocol for a particular multicast address and a
particular udp port.
Regards
Prashanth
sebastien@xxxxxxxxx wrote:
Hi,
You
can't as you said "register a protocol for an IP address" ... but you
can
register a plugin which will dissect your protocol.
If you only want
the dissection for a particular IP address, wireshark allows
you to create
a filter (capture or display).
for a plugin implementation in wireshark
see the
documentation
http://www.wireshark.org/docs/wsdg_html_chunked/
Regards,
Sebastien
Tandel
Selon prashanth joshi
:
> Hi all,
> We are required
to develop a protocol on ethereal. The packets are sent to
> a
particular ip address and the ethereal is supposed to capture packets
from
> that ip address. Please any one tell me how to register our
protocol for that
> ip address.
> Regards,
>
Prashanth.
>
>
> ---------------------------------
>
Everyone is raving about the all-new Yahoo! Mail
beta.
_______________________________________________
Wireshark-dev
mailing
list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
Need a quick answer? Get one in minutes from people who know. Ask your question
on
Yahoo!
Answers.
This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately.
Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies within the Detica Group plc group of companies.
Detica Limited is registered in England under No: 1337451.
Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP, England.
