i have implemented a sniffer in an fpga that captures the data packets
on a RS-485 token network, packs them into ethernet packets, and sends
them to a workstation. my idea now is to write a plugin for wireshark
that analyzes these packets. i have already downloaded c++ compiler,
wireshark source code, and anything else (like explained in the
developer guide) and managed to build wireshark. but i'm struggling
with my own dissector and need someones help.
according to chapter 9.2 (Adding a basic dissector) in this guide or
chapter 1.2 (Skeleton code) in the README file, the dissector has to be
associated with some parent subfield (in the example this is
"udp.port"). i'm sending raw ethernet packets (no TCP/IP or UDP
protocol ant therefore no ports), so how do i have to use the
dissector_add() function? i couldn't find a manual to all these
functions and hope that someone has experience in writing a plugin for
a "user protocol"
thanks for the help
lukas
p.s.
maybe it helps to give you my ethernet frame format:
6 bytes dest. address
6 bytes source address
2 bytes length
19 bytes data
27 bytes 0x00 (so that the ethernet frame is large enough)
4 bytes FCS
