you can easily register to a MAC address or any other byte in a frame by using a heuristic dissector.
Register the dissector:
heur_dissector_add("eth", dissect_foo_heur, proto_foo);
Use this dissector function:
static gboolean dissect_foo_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* check if destination MAC equals 01:02:03:04:05:06 */
if ( (tvb_get_guint8(tvb, 0) == 0x01) &&
(tvb_get_guint8(tvb, 1) == 0x02) &&
(tvb_get_guint8(tvb, 2) == 0xa3) &&
(tvb_get_guint8(tvb, 3) == 0x04) &&
(tvb_get_guint8(tvb, 4) == 0x05) &&
(tvb_get_guint8(tvb, 5) == 0x06) )
/* do dissecting */
/* MAC does not match */
This works perfect for me.
Von: [email protected] [mailto:[email protected]] Im Auftrag von yenan
Gesendet: Donnerstag, 21. Februar 2008 02:00
An: [email protected]
Betreff: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can only be digged out by its Dst Mac or Vlan I
Im writing a plugin for a packet store in the payload of standard "802.1Q Virtual LAN" packet ,this packet does not have protocol itself, it can only be digged by its Dst Mac address or Vlan Id, how could I dissect such a packet?
I tried to use :
register_dissector_table() in vlan.c to create dissector table for "vlan.id", and in the plugin I used dissector_add() tring to call the dissector, but wont work! so , should I also use : dissector_try_port(), what should I pass in these functions ?
Any information I can read and lean
rn for these functions?
And last question, if I try to dig out the packet by its dst mac address, what should I do? I find out the address are in FT_ETHER type, how can I handle such types?
I went through readme.develper couple times, still know very little for wireshark, are there anymore documents will explain the functions and structure in more detail?
Really need help!Thanks millions!Any information will be greatly appreciated!
Windows Live Writer，支持离线撰写博客内容，随时随地想写就写。 立即使用！