Wireshark-dev: [Wireshark-dev] How to get my dissector called

From: "Kevin Jones" <kcsjones@xxxxxxxxx>
Date: Mon, 21 May 2007 11:24:12 -0400
Hi,
When I capture the protocol with Wireshark it labels it as IEEE 802.3 and then uses LLC and IP to dissect the rest of it. Of course the last two don't work but it's Wireshark's best guess. I was browsing the mailing list some more and someone suggested looking at the ARP protocol for an example of a protocol on top of layer 2 Ethernet. Here's what caught my eye in packet-arp.c:

void
proto_reg_handoff_arp(void)
{
  dissector_handle_t arp_handle;

  arp_handle = find_dissector("arp");

  dissector_add("ethertype", ETHERTYPE_ARP, arp_handle);
  dissector_add("ethertype", ETHERTYPE_REVARP, arp_handle);
  dissector_add("arcnet.protocol_id", ARCNET_PROTO_ARP_1051, arp_handle);
  dissector_add("arcnet.protocol_id", ARCNET_PROTO_ARP_1201, arp_handle);
  dissector_add("arcnet.protocol_id", ARCNET_PROTO_RARP_1201, arp_handle);
}

Is "dissector_add("ethertype", ETHERTYPE_ARP, arp_handle);" how you register a dissector with a lower layer protocol?

Also, what are static hf_register_info hf[] = {...} and proto_register_field_array(proto_arp, hf, array_length(hf)); for? Does registering the info array give Wireshark hints to help it find the appropriate dissector to call? Or does it just set up memory space to use after the dissector gets called and while it's dissecting?

Thanks for the quick response and my apologies for not replying to the topic correctly
 
Kevin
 
Hi,
What Ethernet type does your protocol use? You should register your dissector for that type.
Regards
Anders

________________________________

From: wireshark-dev-bounces@... on behalf of Kevin Jones
Sent: Mon 2007-05-21 15:37
To: wireshark-dev@...
Subject: [Wireshark-dev] How to get my dissector called?

Hi,

What about a dissector gets it called when Wireshark is looking to dissect a packet? I'm writing a dissector
for a protocol on top of the Ethernet layer. Right now I'm using the example in the developer's guide just to
see if I can get the program to call the example... but it doesn't seem to even when all of the other protocols
(except Ethernet) are disabled. It is a pretty simple protocol that runs at layer 3 over Ethernet II, so I
think it'd be pretty easy to implement... Let me know if more info is needed or if you guys have any
suggestions.

Thanks in advance!
Kevin
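
As an added illustration (not part of the thread and not Wireshark source code), the following self-contained C model shows what registering on the "ethertype" table accomplishes: the Ethernet layer reads bytes 12-13 of the frame and, following the IEEE 802.3 rule, treats values up to 1500 as a length followed by LLC and larger values as an ethertype to look up. The table, the handler names and the 0x88B5 local-experimental ethertype are assumptions chosen for the example.

```c
/* Simplified model of value-keyed dissector dispatch; NOT Wireshark source. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN       14
#define IEEE_802_3_MAX    1500    /* type/length <= 1500 is an 802.3 length */
#define ETHERTYPE_EXAMPLE 0x88B5  /* assumed: IEEE local-experimental ethertype */

typedef const char *(*dissector_t)(const uint8_t *payload, size_t len);
struct entry { uint16_t key; dissector_t fn; };
static struct entry ethertype_table[8];   /* stands in for the "ethertype" table */
static size_t n_entries;

/* Models dissector_add("ethertype", key, handle). */
static int table_add(uint16_t key, dissector_t fn) {
    if (n_entries == sizeof ethertype_table / sizeof ethertype_table[0]) return -1;
    ethertype_table[n_entries++] = (struct entry){ key, fn };
    return 0;
}

/* Hypothetical next-layer dissectors; each just names itself. */
static const char *dissect_example(const uint8_t *p, size_t n) { (void)p; (void)n; return "example"; }
static const char *dissect_llc(const uint8_t *p, size_t n)     { (void)p; (void)n; return "llc"; }
static const char *dissect_data(const uint8_t *p, size_t n)    { (void)p; (void)n; return "data"; }

/* Models the handoff routine: bind the new dissector to its ethertype. */
int proto_reg_handoff_example(void) { return table_add(ETHERTYPE_EXAMPLE, dissect_example); }

/* Models the Ethernet layer choosing the next dissector from bytes 12-13. */
const char *dissect_eth(const uint8_t *frame, size_t len) {
    if (len < ETH_HDR_LEN) return "malformed";        /* never read past a short frame */
    uint16_t type_len = (uint16_t)((frame[12] << 8) | frame[13]);
    const uint8_t *payload = frame + ETH_HDR_LEN;
    if (type_len <= IEEE_802_3_MAX)                   /* length field: 802.3, LLC follows */
        return dissect_llc(payload, len - ETH_HDR_LEN);
    for (size_t i = 0; i < n_entries; i++)            /* Ethernet II: look up the ethertype */
        if (ethertype_table[i].key == type_len)
            return ethertype_table[i].fn(payload, len - ETH_HDR_LEN);
    return dissect_data(payload, len - ETH_HDR_LEN);  /* no dissector registered */
}

int main(void) {
    uint8_t frame[60] = { [12] = 0x88, [13] = 0xB5 }; /* constructed sample frame */
    printf("before handoff: %s\n", dissect_eth(frame, sizeof frame));
    proto_reg_handoff_example();
    printf("after handoff:  %s\n", dissect_eth(frame, sizeof frame));
}
```

Field registration (the hf[] array passed to proto_register_field_array) plays no part in this lookup; it declares the fields the dissector later adds to the protocol tree and exposes to display filters.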