Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can onl

From: yenan <yen1505@xxxxxxxxxxx>
Date: Fri, 22 Feb 2008 00:05:55 +0000


Thank you very very much, Holger!!
 
 
Using heur_dissector, it seems I have to dissect the whole frame including the MAC address, even though the header is in perfect Ethernet II frame format?
 
Regards
Nan
 

Date: Thu, 21 Feb 2008 09:15:26 +0100
From: HPfrommer@xxxxxxxxxxxx
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can only be digged out by its Dst Mac or Vlan I


Hi Nan,

 

You can easily register for a MAC address or any other byte in a frame by using a heuristic dissector.

 

Register the dissector:

heur_dissector_add("eth", dissect_foo_heur, proto_foo);

 

 

Use this dissector function:

static gboolean dissect_foo_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  /* check if destination MAC equals 01:02:03:04:05:06 */
  if ( (tvb_get_guint8(tvb, 0) == 0x01) &&
       (tvb_get_guint8(tvb, 1) == 0x02) &&
       (tvb_get_guint8(tvb, 2) == 0x03) &&
       (tvb_get_guint8(tvb, 3) == 0x04) &&
       (tvb_get_guint8(tvb, 4) == 0x05) &&
       (tvb_get_guint8(tvb, 5) == 0x06) )
  {
    /* do dissecting */
  }
  else
  {
    /* MAC does not match */
    return FALSE;
  }

  return TRUE;
}

 

 

This works perfectly for me.

 

Holger

 

 

 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of yenan
Sent: Thursday, 21 February 2008 02:00
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can only be digged out by its Dst Mac or Vlan I

 

Hi folks:
I'm writing a plugin for a packet stored in the payload of a standard "802.1Q Virtual LAN" packet. This packet does not have a protocol itself; it can only be dug out by its Dst MAC address or VLAN ID. How could I dissect such a packet?
I tried to use register_dissector_table() in vlan.c to create a dissector table for "vlan.id", and in the plugin I used dissector_add(), trying to call the dissector, but it won't work! So, should I also use dissector_try_port()? What should I pass to these functions?
Is there any information I can read and learn from about these functions?
 
And a last question: if I try to dig out the packet by its dst MAC address, what should I do? I found out the addresses are of FT_ETHER type; how can I handle such types?
 
I went through README.developer a couple of times and still know very little about Wireshark. Are there any more documents that explain the functions and structure in more detail?
 
 
I really need help! Thanks a million! Any information will be greatly appreciated!
 
 
Nan



Hilscher Gesellschaft für Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Registered office: Hattersheim
Managing Director: Hans-Jürgen Hilscher
Registration court: Amtsgericht Frankfurt/Main
Commercial register: Frankfurt B 26873
www.hilscher.com
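As an added example (not code from this thread, from Holger, or from Wireshark itself): the byte-level logic such a heuristic has to perform, written as standalone C so it can be compiled and run without the Wireshark headers. It parses the Ethernet II header and an optional 802.1Q tag from a raw frame buffer, then applies the "claim the frame if the destination MAC or the VLAN ID matches" decision Nan asked about, returning the payload offset (14 bytes untagged, 18 bytes tagged) that a real dissector would pass to tvb_new_subset_remaining(). The selector values are assumptions: the MAC 01:02:03:04:05:06 is the one from Holger's mail, VLAN 100 and the sample frames are constructed for this example. Inside Wireshark the offsets are tvb offsets and the tvb_get_* accessors throw on overrun; the explicit length checks here show what a heuristic should verify before it claims a frame.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN        6
#define ETHERTYPE_VLAN  0x8100   /* 802.1Q TPID */

/* What the heuristic needs to know before it can decide. */
struct frame_info {
    uint8_t  dst[ETH_ALEN];
    uint8_t  src[ETH_ALEN];
    bool     tagged;       /* true if an 802.1Q tag follows the MAC addresses */
    uint16_t vlan_id;      /* 12-bit VID from the TCI, valid only if tagged */
    uint16_t ethertype;    /* inner EtherType (the one after the tag, if any) */
    size_t   payload_off;  /* first payload byte: 14 untagged, 18 tagged */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse the Ethernet II header plus at most one 802.1Q tag.
 * Returns false if the buffer is too short; every read is bounds-checked
 * first, so a truncated frame is rejected instead of being claimed. */
static bool parse_eth_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 14)
        return false;
    memcpy(out->dst, buf, ETH_ALEN);
    memcpy(out->src, buf + ETH_ALEN, ETH_ALEN);

    uint16_t type = be16(buf + 12);
    size_t off = 14;
    if (type == ETHERTYPE_VLAN) {
        if (len < 18)
            return false;
        uint16_t tci = be16(buf + 14);
        out->tagged  = true;
        out->vlan_id = tci & 0x0FFF;   /* PCP (3 bits) and DEI (1 bit) sit above the VID */
        type = be16(buf + 16);
        off  = 18;
    }
    out->ethertype   = type;
    out->payload_off = off;
    return true;
}

/* Selector values: the MAC from Holger's mail; VLAN 100 is a made-up
 * value chosen for this example (hypothetical). */
static const uint8_t FOO_DST_MAC[ETH_ALEN] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
#define FOO_VLAN_ID 100

/* The heuristic decision. Returns the payload offset (14 or 18) when the
 * frame is ours and 0 when it is not; 0 can never be a real payload offset.
 * A Wireshark heuristic would return FALSE for 0 and otherwise dissect
 * tvb_new_subset_remaining(tvb, offset) and return TRUE. */
static size_t foo_heur_payload_off(const uint8_t *buf, size_t len)
{
    struct frame_info fi;
    if (!parse_eth_frame(buf, len, &fi))
        return 0;
    bool by_mac  = memcmp(fi.dst, FOO_DST_MAC, ETH_ALEN) == 0;
    bool by_vlan = fi.tagged && fi.vlan_id == FOO_VLAN_ID;
    return (by_mac || by_vlan) ? fi.payload_off : 0;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t SAMPLE_TAGGED_VLAN100[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* dst: broadcast, does NOT match FOO_DST_MAC */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,   /* src */
    0x81, 0x00,                           /* TPID 0x8100 */
    0x60, 0x64,                           /* TCI: PCP=3, DEI=0, VID=0x064 = 100 */
    0x88, 0xb5,                           /* inner EtherType 0x88B5 (IEEE local experimental) */
    0xde, 0xad, 0xbe, 0xef                /* payload */
};
static const uint8_t SAMPLE_UNTAGGED_MAC[] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06,   /* dst matches FOO_DST_MAC */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x88, 0xb5,
    0xca, 0xfe
};
static const uint8_t SAMPLE_OTHER[] = {
    0x00, 0x00, 0x5e, 0x00, 0x53, 0x01,   /* dst in the RFC 7042 documentation range, no match */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x81, 0x00,
    0x00, 0xc8,                           /* VID = 200, no match */
    0x08, 0x00,                           /* IPv4 */
    0x45
};

int main(void)
{
    printf("tagged, VLAN 100: payload at %zu\n", foo_heur_payload_off(SAMPLE_TAGGED_VLAN100, sizeof SAMPLE_TAGGED_VLAN100));
    printf("untagged, MAC   : payload at %zu\n", foo_heur_payload_off(SAMPLE_UNTAGGED_MAC, sizeof SAMPLE_UNTAGGED_MAC));
    printf("other frame     : %zu (0 = not ours)\n", foo_heur_payload_off(SAMPLE_OTHER, sizeof SAMPLE_OTHER));
    printf("truncated frame : %zu (0 = not ours)\n", foo_heur_payload_off(SAMPLE_TAGGED_VLAN100, 16));
    return 0;
}
```

Two points worth keeping in mind when turning this into a real heur_dissector_add("eth", ...) handler: a heuristic that claims every frame on a given VLAN takes those frames away from every other dissector, so make the match as specific as the traffic allows (MAC plus VLAN plus a payload magic byte, if there is one), and make sure the length check comes before any byte compare so a short or malformed frame is never claimed.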


