Wireshark-dev: Re: [Wireshark-dev] Dissecting a portion of a protocol owned by another dissector
From: "Jeremy O'Brien" <[email protected]>
Date: Tue, 23 Feb 2010 16:01:52 -0500
I actually figured out a solution to my problem. I was fortunate in
wanting to dissect a field in an HTTP payload. I completely looked
over the fact that HTTP has all of its fields neatly laid out with
strings, so I'm just intercepting the http dissector, doing a couple
strstr()'s on it, and giving it back to the http dissector if I'm not
interested in it.

On Tue, Feb 23, 2010 at 15:47, Maynard, Chris
<[email protected]> wrote:
> Which field of which dissector are you interested in?  If you're lucky, it might already be available to your plugin in the packet_info struct.
>
> - Chris
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Jeremy O'Brien
> Sent: Tuesday, February 23, 2010 2:50 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Dissecting a portion of a protocol owned by another dissector
>
> Hmm... I was trying to avoid touching any existing dissectors to allow
> my plugin to be as modular as possible. There's no other (easy) way?
>
> On Tue, Feb 23, 2010 at 14:11, Anders Broman <[email protected]> wrote:
>> Hi,
>> Not easily, but if you are doing something reasonably like dissecting
>> Vendor specific fields a patch to the existing dissector providing a "hook"
>> For a plugin would be acceptable, like registering a dissector table a
>> Custom plugin could register in.
>>
>> Regards
>> Anders
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Jeremy O'Brien
>> Sent: 23 February 2010 19:02
>> To: Developer support list for Wireshark
>> Subject: [Wireshark-dev] Dissecting a portion of a protocol owned by
>> another dissector
>>
>> Hello,
>>
>> I am trying to write a wireshark plugin that dissects only a certain
>> field of another dissector. I read about writing tap dissectors, but
>> these seem to still receive entire packets rather than just the
>> portion I'm interested in. I am trying to avoid copying large chunks
>> of the main dissector just to get down to the area my dissector is
>> interested in. Does wireshark provide a way to do this?
>>
>> Thank you,
>> Jeremy
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <[email protected]>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>             mailto:[email protected]?subject=unsubscribe
>>
>
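
An added example, not code from the thread or from Wireshark: `strstr()` needs a NUL-terminated string and matches anywhere in the data, while captured packet bytes carry only a length and may be truncated. This standalone C sketch does a length-bounded, line-anchored header lookup instead; `http_field`, `ci_equal` and `SAMPLE` are hypothetical names, and the sample request is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a decoy "Host:" inside another header and one in the body. */
static const char SAMPLE[] =
    "GET /index.html HTTP/1.1\r\nX-Note: Host: decoy\r\n"
    "HOST:  example.com \r\n\r\nCookie: in-body\r\n";

/* Case-insensitive compare of exactly n bytes; never reads past n. */
static int ci_equal(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return a pointer to the value of header `name` inside buf[0..len) and store
 * its length in *vlen, or NULL if the header block does not contain it. */
static const char *http_field(const char *buf, size_t len,
                              const char *name, size_t *vlen)
{
    size_t nlen = strlen(name), pos = 0;
    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);   /* bounded search */
        size_t llen = nl ? (size_t)(nl - line) : len - pos;
        size_t end = (llen && line[llen - 1] == '\r') ? llen - 1 : llen;
        if (end == 0) break;            /* blank line: headers are over */
        if (end > nlen && line[nlen] == ':' && ci_equal(line, name, nlen)) {
            size_t v = nlen + 1;        /* skip ':' then trim blanks both sides */
            while (v < end && (line[v] == ' ' || line[v] == '\t')) v++;
            while (end > v && (line[end - 1] == ' ' || line[end - 1] == '\t')) end--;
            *vlen = end - v;
            return line + v;
        }
        if (!nl) break;                 /* truncated capture: no more lines */
        pos += llen + 1;
    }
    return NULL;
}

int main(void)
{
    size_t n = 0;
    const char *v = http_field(SAMPLE, sizeof SAMPLE - 1, "host", &n);
    printf("%.*s\n", v ? (int)n : 0, v ? v : "");
    return 0;
}
```

The returned pointer is not NUL-terminated, so callers must use the stored length when copying or printing the value.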