Wireshark-dev: Re: [Wireshark-dev] Dissecting a portion of a protocol owned byanotherdissector
From: "Maynard, Chris" <[email protected]>
Date: Tue, 23 Feb 2010 15:47:20 -0500
Which field of which dissector are you interested in?  If you're lucky, it might already be available to your plugin in the packet_info struct.

- Chris

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jeremy O'Brien
Sent: Tuesday, February 23, 2010 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissecting a portion of a protocol owned byanotherdissector

Hmm... I was trying to avoid touching any existing dissectors to allow
my plugin to be as modular as possible. There's no other (easy) way?

On Tue, Feb 23, 2010 at 14:11, Anders Broman <[email protected]> wrote:
> Hi,
> Not easily, but if you are doing something reasonably like dissecting
> Vendor specific fields a patch to the existing dissector providing a "hook"
> For a plugin would be acceptable, like registering a dissector table a
> Custom plugin could register in.
>
> Regards
> Anders
> -----Ursprungligt meddelande-----
> Från: [email protected]
> [mailto:[email protected]] För Jeremy O'Brien
> Skickat: den 23 februari 2010 19:02
> Till: Developer support list for Wireshark
> Ämne: [Wireshark-dev] Dissecting a portion of a protocol owned by
> anotherdissector
>
> Hello,
>
> I am trying to write a wireshark plugin that dissects only a certain
> field of another dissector. I read about writing tap dissectors, but
> these seem to still receive entire packets rather than just the
> portion I'm interested in. I am trying to avoid copying large chunks
> of the main dissector just to get down to the area my dissector is
> interested in. Does wireshark provide a way to do this?
>
> Thank you,
> Jeremy
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:[email protected]?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:[email protected]?subject=unsubscribe
>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.