Re: [Wireshark-dev] happy birthday, bug 5531!

2011-12-29 Thread Chris Maynard
Ed Beroset beroset@... writes:

 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5531
 
 It's been a year since it was originally submitted.  As always, if there's
 anything I can do to help get this into the main code, please let me know.
 I know a number of people that are waiting for it.  And thanks again for
 a mighty handy tool!
 
 Ed

I know it can be frustrating when waiting for something so thanks for your
continued patience.  If it makes you feel any better, some bugs are over 6 years
old.  :)

- Chris


___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] Decode As... support

2011-12-29 Thread Chris Maynard
Akos Vandra axos88@... writes:

 I would like to ask how does the Decode As... functionality work in wireshark?
 I have a CAN network, and on top of it there may be different
 higher-level protocols, depending on application.
 There is no identifier which would say that this belongs to protocol
 A, or protocol B.
 
 I think the best solution would be for the user to say that this
 network has proto A or proto B on top of CAN, and then it would pass
 the whole traffic to dissector B.
 I guess this would be the purpose of the Decode As... option, but how
 can I use it from within the CAN dissector code?
 

Akos Vandra axos88@... writes:

 I guess this would be the purpose of the Decode As... option, but how
 can I use it from within the CAN dissector code?

I think one way would be for the CAN dissector to be modified so it registers a
dissector table that proto A, proto B, ... can then add their handle to.  For
example (warning - untested pseudocode):

packet-socketcan.c:
proto_register_socketcan() {
    ...
    /* Create the table that higher-level protocols register their handles in. */
    can_dissector_table = register_dissector_table("can_somename",
        "CAN some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
    ...
}

protoA.c:
proto_reg_handoff_protoA() {
    ...
    protoA_can_handle = create_dissector_handle(dissect_protoA, proto_protoA);
    /* Add the handle to the table without binding it to a value. */
    dissector_add_handle("can_somename", protoA_can_handle);
    ...
}

Look in the Wireshark sources at other dissectors for more/better examples.
- Chris




Re: [Wireshark-dev] happy birthday, bug 5531!

2011-12-29 Thread Ed Beroset

Chris Maynard wrote:

Ed Beroset beroset@... writes:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5531

It's been a year since it was originally submitted.  As always, if there's
anything I can do to help get this into the main code, please let me know.
I know a number of people that are waiting for it.  And thanks again for
a mighty handy tool!

Ed


I know it can be frustrating when waiting for something so thanks for your
continued patience.  If it makes you feel any better, some bugs are over 6 years
old.  :)


Yes, it's a bit frustrating, but I also certainly understand.  I wish I 
had more time to spend on this, too.  I have a half-finished 
documentation section on how to write ASN.1 based dissectors that I'm 
hoping to finish within the next few weeks and I've been looking over 
Bill's rewritten tvb_ stuff to see if I can help explain that, too. 
First I'd have to understand it...


Ed


Re: [Wireshark-dev] Decode As... support

2011-12-29 Thread Akos Vandra
Yeah, I did that, I added a heuristic dissector table, and added
protoA and protoB to them.
Now wireshark always uses protoA to dissect (it should, because protoA
has no way to know that the packet is not for him [[it?]], because the
whole message space is covered by it). I also added protoB, and if I
disable protoA, it processes the packets with protoB dissector,
however it would be nicer if I could choose decode as... protoB.

My code here:

packet-socketcan.c:

register_heur_dissector_list("can", &heur_subdissector_list);

packet-cannp.c:
heur_dissector_add("can", dissect_cannp, proto_cannp);

packet-cannection.c:
heur_dissector_add("can", dissect_cannection, proto_cannection);

Regards,
  Ákos




On 29 December 2011 19:06, Chris Maynard chris.mayn...@gtech.com wrote:
 Akos Vandra axos88@... writes:

 I would like to ask how does the Decode As... functionality work in wireshark?
 I have a CAN network, and on top of it there may be different
 higher-level protocols, depending on application.
 There is no identifier which would say that this belongs to protocol
 A, or protocol B.

 I think the best solution would be for the user to say that this
 network has proto A or proto B on top of CAN, and then it would pass
 the whole traffic to dissector B.
 I guess this would be the purpose of the Decode As... option, but how
 can I use it from within the CAN dissector code?


 Akos Vandra axos88@... writes:

 I guess this would be the purpose of the Decode As... option, but how
 can I use it from within the CAN dissector code?

 I think one way would be for the CAN dissector to be modified so it registers a
 dissector table that proto A, proto B, ... can then add their handle to.  For
 example (warning - untested pseudocode):

 packet-socketcan.c:
 proto_register_socketcan() {
    ...
    can_dissector_table = register_dissector_table("can_somename",
        "CAN some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
    ...
 }

 protoA.c:
 proto_reg_handoff_protoA() {
    ...
    protoA_can_handle = create_dissector_handle(dissect_protoA, proto_protoA);
    dissector_add_handle("can_somename", protoA_can_handle);
    ...
 }

 Look in the Wireshark sources at other dissectors for more/better examples.
 - Chris



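The difference between the two dispatch schemes discussed in this thread, as an added stand-alone model (not code from the posts or from Wireshark; it does not call the Wireshark API, and every name in it is hypothetical). A heuristic list hands the payload to the first dissector that accepts it, while a table of registered handles stays unbound until the user selects one.

```c
/* Added illustration, not Wireshark code: all identifiers are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*dissect_fn)(const unsigned char *p, size_t n); /* nonzero = accepted */
struct handle { const char *name; dissect_fn fn; };

/* As in the thread: the frames carry no protocol identifier, so neither
 * dissector has anything to test and both accept every payload. */
static int dissect_protoA(const unsigned char *p, size_t n) { (void)p; (void)n; return 1; }
static int dissect_protoB(const unsigned char *p, size_t n) { (void)p; (void)n; return 1; }

static const struct handle candidates[] = {      /* registration order */
    { "protoA", dissect_protoA },
    { "protoB", dissect_protoB },
};
#define NCAND (sizeof candidates / sizeof candidates[0])

/* Heuristic list: offer the payload to each entry in order; first accept wins. */
const char *dispatch_heuristic(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < NCAND; i++)
        if (candidates[i].fn(p, n))
            return candidates[i].name;
    return "data";
}

static const struct handle *selected = NULL;     /* the user's "Decode As" choice */

/* Bind the table to a registered handle; returns 0 for an unknown name. */
int decode_as(const char *name) {
    for (size_t i = 0; i < NCAND; i++)
        if (strcmp(candidates[i].name, name) == 0) { selected = &candidates[i]; return 1; }
    return 0;
}

/* Table dispatch: use the selection if there is one, otherwise fall back. */
const char *dispatch_table(const unsigned char *p, size_t n) {
    if (selected != NULL && selected->fn(p, n))
        return selected->name;
    return dispatch_heuristic(p, n);
}

int main(void) {
    const unsigned char frame[] = { 0x11, 0x22, 0x33, 0x44 };  /* constructed payload */
    printf("heuristic: %s\n", dispatch_heuristic(frame, sizeof frame));
    decode_as("protoB");
    printf("table:     %s\n", dispatch_table(frame, sizeof frame));
    return 0;
}
```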

Re: [Wireshark-dev] How can I use the dissector of wireshark in my program?

2011-12-29 Thread Chris Maynard
Gisle Vanem gvanem@... writes:

 The mainpage is at:
   http://sourceforge.net/projects/packetyzer/

Network Expect is another tool that comes to mind which uses libwireshark.  The
home page is here: http://netexpect.org/wiki

Or check out the list of other tools on the wiki: 
http://wiki.wireshark.org/Tools

- Chris




Re: [Wireshark-dev] How can I use the dissector of wireshark in my program?

2011-12-29 Thread Gisle Vanem

homeryan homer...@live.cn wrote:

   I am a student from China, one of my homework is developing a simple network analyzer act just like wireshark. I decided to
develop GUI interface and module of packets capture. But the part of dissector is too complex for me to accomplish, so, how can I
invoke or use the dissector included in wireshark directly? Is there any interface and docs exist?

   Thanks, your help will be greatly appreciated.


There is/was a GPL project called Packetyzer that did use the dissectors from
Wireshark (then called Ethereal, i.e. it linked to libethereal.dll). But the
project seems dead and it seems to be written in both C++ and Delphi (!).
Haven't taken a closer look. There are still some install files and sources at
SourceForge from that project. The GUI looks very nice and fast.

Sources:
 http://packetyzer.cvs.sourceforge.net/viewvc/packetyzer/packetyzer/
 Click Download GNU tarball and get the .tar.gz file.

The mainpage is at:
 http://sourceforge.net/projects/packetyzer/

--gv




[Wireshark-dev] How can I use the dissector of wireshark in my program?

2011-12-29 Thread homeryan
Hello everyone,
I am a student from China, one of my homework is developing a simple
network analyzer act just like wireshark. I decided to develop GUI interface
and module of packets capture. But the part of dissector is too complex for me
to accomplish, so, how can I invoke or use the dissector included in wireshark
directly? Is there any interface and docs exist?
Thanks, your help will be greatly appreciated.

2011-12-29



homeryan

Re: [Wireshark-dev] Fwd: [FOSDEM] Dates for FOSDEM 2012: 4 & 5 February

2011-12-29 Thread Martin Kaiser
Hello Gerald and all,

Thus wrote Gerald Combs (ger...@wireshark.org):

 Sorry for taking so long to get back to you on this. We don't have a
 devroom, but we might be able to find a spot in one of the existing
 rooms. Alternatively I might be able to reserve a conference room at a
 nearby hotel.

 I realize it's now short notice, but can anyone interested in meeting
 at FOSDEM send an email to -dev or to me directly with the dates you can
 attend? The main event is February 4 and 5 in Brussels, but we could
 also meet on the 3rd or 6th if that's more convenient.
 http://fosdem.org/2012/

I'm still interested in meeting at or around Fosdem. Any of 3rd-6th
would be ok. When we fix a date, I can organize my trip.

I'll try to prepare some questions and ideas before the meeting.

Best regards,

   Martin


Re: [Wireshark-dev] How to retrieve text displayed for a proto_item ?

2011-12-29 Thread Stephen Fisher

On Fri, 23 Dec 2011 06:17:22 -0700 Teto wrote:

Thx for the quick answer as usual.

 Note this won't pass the inspection by reviewers.
That was dissuasive ^^
I've done like you said, using a temp GString* , thanks for the advice

See also doc/README.developer section 1.1.2 which talks about ep_strbuf strings 
that Wireshark manages the memory for.
