Wireshark-dev: Re: [Wireshark-dev] Use ethereal as a proprietary protocol parser; no ethernet/I

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Wed, 31 Jan 2007 14:54:48 +0400
Hi,

I don't know if I am straying from the core of the topic here, but
this particular topic has always foxed me.

If a protocol is proprietary (in the sense that the specifications are
not open and they might be released only under NDA), then wouldn't
writing a dissector for it create legal problems one way or the other?
If the dissector was written and made available to the world (as the
GPL license would require) then the specifications would essentially
be made public, which is not desired. On the other hand, if a company
made a dissector for its own use for such a protocol, but did not make
it public, then it would be a violation of the GPL!

Tom, I guess the answer to your question would largely depend on what
you mean by "proprietary". However, to dissect the protocol, I think
some programming is needed; it might not be possible using
configuration only.

Best regards,
Abhik.

On 1/31/07, Hal Lander <hal_lander@xxxxxxxxxxx> wrote:
Hi Tom,

I am just starting to learn how to use Wireshark myself (it used to be
Ethereal), messing about with a protocol sent within TCP.

You should probably start by downloading Wireshark and running it on your
network to see what it does. It will capture and decode the TCP which it
knows about, but will not understand your proprietary protocol - though you
will see the bytes. If you write a new dissector plugin for your protocol
Wireshark will then be able to decode it as well as the TCP.

One problem will be that you seem to be wanting to run from log files, which
are probably not in a format that Wireshark can read.

So, yes I would use Wireshark but I would try and capture the network data
using packages that already exist and which save a format that Wireshark can
already read.

Hal


>From: Tom McLaughlin <tmcl98@xxxxxxxxx>
>Reply-To: Developer support list for Wireshark
><wireshark-dev@xxxxxxxxxxxxx>
>To: wireshark-dev@xxxxxxxxxxxxx
>Subject: [Wireshark-dev] Use ethereal as a proprietary protocol parser;no
>ethernet/IP decoding
>Date: Tue, 30 Jan 2007 15:09:09 -0800 (PST)
>
>Hello,
>I work for a company that builds proprietary communication systems for the
>utility industry.  We have a proprietary communication protocol that can be
>wrapped in several standard protocols.  I would like to build a log parser
>that looks like Ethereal for our protocol if possible.  This would not be a
>new dissector from what I understand for other protocols wrapped in
>Ethernet or IP.
>
>Basically, get Ethereal to read in a file with a bunch of hex strings,
>somewhere define what the fields are, and use the Ethereal gui.
>
>Possible?  Thoughts?
>
>Or would it be better to just start from scratch?
>
>Tom
>_______________________________________________
>Wireshark-dev mailing list
>Wireshark-dev@xxxxxxxxxxxxx
>http://www.wireshark.org/mailman/listinfo/wireshark-dev

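The thread raises the problem that a log of hex strings is not in a format Wireshark can read. The following is an added example, not code from any poster or from the Wireshark project: it converts such a log into a pcap file. The log line format ("<epoch seconds> <hex bytes>"), the function name hex_log_to_pcap, the sample data and the choice of the private-use link type 147 are assumptions made for illustration.

```python
import io
import struct

LINKTYPE_USER0 = 147  # private-use pcap link type (assumed choice for this example)

# Constructed sample log, assumed format: "<epoch seconds> <hex bytes>"
SAMPLE_LOG = [
    "# constructed sample, not real traffic",
    "1170198549.25 01 a2 ff 00",
    "1170198550.5 7e0102",
    "1170198551.0 zz01",  # malformed hex: skipped and counted
]

def hex_log_to_pcap(lines, out, linktype=LINKTYPE_USER0, snaplen=65535):
    """Write one pcap record per log line to `out`; return (written, skipped)."""
    # pcap global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    written = skipped = 0
    for line in lines:
        text = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not text:
            continue
        try:
            stamp, hexdata = text.split(None, 1)  # ValueError if a field is missing
            ts = float(stamp)
            if not 0 <= ts < 2**32:  # also rejects NaN and infinity
                raise ValueError("timestamp out of range for pcap")
            payload = bytes.fromhex(hexdata)  # tolerates spaces between bytes
        except ValueError:
            skipped += 1
            continue
        sec = int(ts)
        usec = min(int(round((ts - sec) * 1_000_000)), 999_999)
        captured = payload[:snaplen]
        # per-record header: ts_sec, ts_usec, captured length, original length
        out.write(struct.pack("<IIII", sec, usec, len(captured), len(payload)))
        out.write(captured)
        written += 1
    return written, skipped

if __name__ == "__main__":
    buf = io.BytesIO()
    print(hex_log_to_pcap(SAMPLE_LOG, buf), len(buf.getvalue()), "bytes of pcap")
```

Wireshark's DLT_USER preferences can map link type 147 to the dissector that should decode the payload.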