
Wireshark-dev: Re: [Wireshark-dev] Newbie - How to "hook into" wireshark

From: "Anders Broman \(AL/EAB\)" <anders.broman@xxxxxxxxxxxx>
Date: Tue, 13 Feb 2007 13:48:33 +0100
Hi,
Are those Ethertypes registered with http://standards.ieee.org/regauth/ethertype/index.shtml ?
 
You can use packet-tipc.c as an example on how to register a dissector based on ethertype:
/* Handoff routine from packet-tipc.c: runs after all protocols are
 * registered and wires the TIPC dissector into the "ethertype" table.
 * proto_tipc, dissect_tipc, extra_ethertype and ip_handle are file-scope
 * variables declared elsewhere in packet-tipc.c. */
void
proto_reg_handoff_tipc(void)
{
    dissector_handle_t tipc_handle;

    /* Bind the dissect function to the protocol registered by proto_register_tipc(). */
    tipc_handle = create_dissector_handle(dissect_tipc, proto_tipc);
    /* Ethernet frames whose type field is ETHERTYPE_TIPC are handed to us. */
    dissector_add("ethertype", ETHERTYPE_TIPC, tipc_handle);
    /* A preference controls whether the second ethertype is also claimed. */
    if (extra_ethertype)
        dissector_add("ethertype", ETHERTYPE_TIPC2, tipc_handle);

    /* Handle for passing encapsulated IP payloads on to the IP dissector. */
    ip_handle = find_dissector("ip");
}
 
For UDP you can choose to register your dissector on a specific port, preferably with a preference defaulted to zero, or make a heuristic UDP dissector.
packet-sip.c can be used as a reference, I think.
BR
Anders
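As an added illustration of the two hook-up paths Anders describes (not code from the thread, from packet-tipc.c or from packet-sip.c), the following Lua dissector registers itself for the three ethertypes 0x6100-0x6102 from the question, on a UDP port controlled by a preference that defaults to zero, and as a UDP heuristic dissector. The protocol name "myproto", its assumed 4-byte header layout (version, type, big-endian length) and the plausibility rules in the heuristic are all assumptions made for the example; the registration calls are the Lua equivalents of create_dissector_handle(), dissector_add() and a heuristic registration in C.

```lua
-- Added example, not part of the mailing-list thread. Assumed protocol:
-- a 4-byte header of version(1) | type(1) | payload length(2, big endian).
local my_proto = Proto("myproto", "My Example Protocol")

local f_version = ProtoField.uint8("myproto.version", "Version", base.DEC)
local f_msgtype = ProtoField.uint8("myproto.type", "Message Type", base.HEX)
local f_length  = ProtoField.uint16("myproto.length", "Payload Length", base.DEC)
my_proto.fields = { f_version, f_msgtype, f_length }

-- UDP port preference, defaulting to 0 (disabled) as suggested in the reply.
my_proto.prefs.udp_port = Pref.uint("UDP port", 0,
    "UDP port to decode as My Example Protocol (0 = off)")

local HEADER_LEN = 4

-- Shared body: bounds-check before touching any byte, and flag a length
-- field that claims more payload than was captured instead of trusting it.
local function dissect_header(buffer, pinfo, tree)
    if buffer:len() < HEADER_LEN then return 0 end
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(my_proto, buffer(0, HEADER_LEN), "My Example Protocol")
    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_msgtype, buffer(1, 1))
    subtree:add(f_length,  buffer(2, 2))
    local declared = buffer(2, 2):uint()
    if declared > buffer:len() - HEADER_LEN then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "length field exceeds captured payload")
    end
    return HEADER_LEN
end

-- Normal entry point, used by both the ethertype and udp.port tables.
function my_proto.dissector(buffer, pinfo, tree)
    return dissect_header(buffer, pinfo, tree)
end

-- Heuristic entry point for case (b): claim the packet only if the header
-- is consistent, so unrelated UDP traffic is not misclassified.
local function heur_dissect_udp(buffer, pinfo, tree)
    if buffer:len() < HEADER_LEN then return false end
    if buffer(0, 1):uint() ~= 1 then return false end      -- assumed version 1
    if buffer(1, 1):uint() > 0x0F then return false end    -- assumed type range
    if buffer(2, 2):uint() ~= buffer:len() - HEADER_LEN then return false end
    dissect_header(buffer, pinfo, tree)
    return true
end

-- Case (a): the three ethertypes named in the question.
local ethertype_table = DissectorTable.get("ethertype")
for _, etype in ipairs({ 0x6100, 0x6101, 0x6102 }) do
    ethertype_table:add(etype, my_proto)
end

-- Case (b), option 1: port-based registration driven by the preference.
local udp_table = DissectorTable.get("udp.port")
local current_port = 0
function my_proto.prefs_changed()
    local new_port = my_proto.prefs.udp_port
    if new_port == current_port then return end
    if current_port ~= 0 then udp_table:remove(current_port, my_proto) end
    current_port = new_port
    if current_port ~= 0 then udp_table:add(current_port, my_proto) end
end

-- Case (b), option 2: heuristic registration on the UDP payload.
my_proto:register_heuristic("udp", heur_dissect_udp)
```

Drop the file into the personal Lua plugins directory (shown under Help > About Wireshark > Folders) and the dissector is loaded at startup; the ethertype entries and the heuristic take effect immediately, while the port binding only appears once the preference is set to a non-zero value. The same structure carries over to a C dissector: the per-table registrations become dissector_add() calls in the handoff routine, and the heuristic becomes a function returning a boolean that is registered with the UDP heuristic list.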


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of John Jamulla
Sent: 13 February 2007 13:10
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Newbie - How to "hook into" wireshark

Hello,
 
I'm new to wireshark development and have read the README.developer only one time so far. *smile*
I've finally got a development environment with MS VC++ 6 and cygwin working, and I've built wireshark and have it running from the source. I then built a "dissector" with very little/nothing in it, and I can see it in the "enable dissectors" list, but I can't seem to select it to "force" a packet to be dissected with it, etc. So, with my (non-plug-in) dissector, I have a build that works correctly, it appears, but my dissector doesn't yet do anything useful.
 
Now before I do anything useful with it, I wanted to see it at least get "hooked into" wireshark so it'll be called when appropriate.
I'm trying to figure out exactly how to get an existing dissector (is that an upper or lower one?? And I'm not sure exactly how one would call my dissector(s)) to call a new dissector I'm going to write (maybe it's really called a sub-dissector?). Actually, I have a few different ones I need to write, and so I need to have "hooks" in for a few different cases.
 
Here are the cases:
a) I have a "protocol" that has a 0x6100 in the "ethertype" field of an Ethernet packet. How do I get one of the dissectors to call mine if it sees this in the packet?
I also have 2 more "protocols" that are similar with 0x6101 and 0x6102 in that field.
I don't have the capture file in front of me to be more specific.
 
b) I have a set of messages that are IP/UDP, and they have specific information in the first few bytes of the "data" part of a UDP packet. How do I "hook in" my dissector for this case?
 
Any help is greatly appreciated.