Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
Hi Ashish,

My protocol is registered, when I type it in the filter box it turns green.
Also, I've built wireshark again (hope that's what you meant by creating a
new workspace) but I still get the dissector not found error when I'm
editing the DLT user in the GUI as you advised me. What could be wrong?

Thanks so much for aiding me


Armando Vázquez Ramírez
___
Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
Hi Alex,

The plugin you attached is meant to open filetypes different than pcap,
right? I don't understand how to use this knowledge with my problem. I'm
using a pcap file, thing is I want wireshark to dissect a protocol in the
link layer which is not included in wireshark.

Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 9:11 AM, Alex Lindberg alind...@yahoo.com wrote:

 I needed to read an unsupported file structure and protocol into
 Wireshark.  I did this by creating a plugin that registered the necessary
 routines to read a file and determine if the file was the one I needed.

 1st - register with wtap:

 /* register with wtap */
 void wtap_register_mst(void) {
     static struct file_type_info fi = {
         "My PROTOCOL File", /* name */
         "mst_file",         /* short name */
         "*.*",              /* file extensions */
         NULL,               /* file extension default */
         FALSE,              /* writing seek must */
         FALSE,              /* has name resolution */
         NULL,               /* can write this type of file encap? */
         NULL                /* function to open for writing */
     };
     /* let wiretap try myproto_open() when a file is opened */
     wtap_register_open_routine(myproto_open, TRUE);
     encap_mst_file = wtap_register_encap_type("My PROTOCOL FILE",
                                               "myproto_file");
     wf_myproto_file = wtap_register_file_type(&fi);
 }

 As you see, you need an open routine (myproto_open).  The open routine
 determines if the file is of the flavor you are looking for; if so, it
 creates a file structure used by Wireshark.

 int myproto_open(wtap *wth, int *err, gchar **err_info _U_) {
     /* open routine.  First determine if it is a myproto file. */
     /* The open_file_* routines should return:
        -1 on an I/O error;
        1 if the file they're reading is one of the types it handles;
        0 if the file they're reading isn't the type they're checking for.
        If the routine handles this type of file, it should set the file_type
        field in the struct wtap to the type of the file. */
     if (!(myproto_check_file(wth, err))) {
         if (*err == 0) {
             return 0;
         }
         else {
             return -1;
         }
     }

     /* point to 1st line */
     if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
         return -1;
     }

     wth->data_offset = 0;
     /* encap type to use if save as pcap file */
     wth->file_encap = WTAP_ENCAP_USER15;
     wth->file_type = WTAP_ENCAP_USER15;
     /* routines to go for reading and seeking */
     wth->subtype_read = myproto_read;
     wth->subtype_seek_read = myproto_seek_read;
     wth->snapshot_length = 0; /* not known */
     wth->tsprecision = WTAP_FILE_TSPREC_CSEC;

     return 1;
 }

 As an FYI, to get the plugin's wtap routines to register, I had to modify
 the local Makefile.am for plugin.c to look for the wtap register routine
 (only for the Python build which I am using)

 plugin.c: $(DISSECTOR_SRC) $(top_srcdir)/tools/make-dissector-reg \
     $(top_srcdir)/tools/make-dissector-reg.py
     @if test -n "$(PYTHON)"; then \
         echo Making plugin.c with python ; \
         $(PYTHON) $(top_srcdir)/tools/make-dissector-reg.py $(srcdir) \
             plugin_wtap $(DISSECTOR_SRC) ; \
     else \
         echo Making plugin.c with shell script ; \
         $(top_srcdir)/tools/make-dissector-reg $(srcdir) \
             $(plugin_src) plugin_wtap $(DISSECTOR_SRC) ; \
     fi

 Examples of these functions can be found in the wiretap directory.  Best
 of luck

 Alex Lindberg


Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Jeff Morriss
For this to work your dissector needs to be registered by name.  To get 
that it needs to call register_dissector().


Armando Vázquez wrote:

Thanks ashis!

When I tried this my protocol does not show up as a valid protocol, why
is that? I tried using my dissector for the header protocol, but it
should also dissect 2 trailer bytes, does that represent a problem?
What should I put in the header size field?

Besides, I've read that using the GUI and editing the DLT_User is the
same as using the function dissector_add_uint(), am I right? If so, why
isn't it working? Should I change something else in pcap-common.c or wtap.c
or wtap.h?



Armando Vázquez Ramírez




Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
I did so by using this function:

void proto_register_myprotocol(void)
{
...
register_dissector(MY_PROTOCOL, dissect_myprotocol, proto_my_protocol);

}

Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss jeff.morriss...@gmail.com wrote:

 For this to work your dissector needs to be registered by name.  To get
 that it needs to call register_dissector().


Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread ashish goel
Hi Armando,

By creating a new workspace I meant deleting the first one completely and
taking the new one and implementing the changes again.
In the meantime, can you post the code?

2012/3/5 Armando Vázquez avr...@gmail.com

 I did so by using this function:

 void proto_register_myprotocol(void)
 {
 ...
 register_dissector(MY_PROTOCOL, dissect_myprotocol, proto_my_protocol);

 }

 Armando Vázquez Ramírez




Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-03 Thread ashish goel
Hi Armando,

There is a way you can do it through the wireshark GUI. Go to preferences ->
protocols -> DLT_User. Here click on edit and add your protocol on any of
the User DLTs (147 - 162). But make sure that the pcap file you are
using has the same DLT value defined in its global header.

Hope this helps.

Thanks,
Ashish
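
The check described in the message above (the capture's global header must carry one of the User DLTs, 147 - 162), as an added example that is not part of the original thread or of Wireshark's code. The function names are hypothetical and the sample headers are constructed in memory.

```c
/* Added example: read the link-layer type from a pcap global header
 * and report whether it falls in the user DLT range (147-162). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_GLOBAL_HDR_LEN 24  /* magic, version, thiszone, sigfigs, snaplen, network */
#define PCAP_NETWORK_OFFSET 20  /* 32-bit link-layer type field */
#define DLT_USER0  147          /* first user-defined link type */
#define DLT_USER15 162          /* last user-defined link type */

enum pcap_status { PCAP_OK = 0, PCAP_TOO_SHORT = -1, PCAP_BAD_MAGIC = -2 };

static uint32_t read_u32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

static void write_u32(uint8_t *p, uint32_t v, int big_endian)
{
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? 24 - 8 * i : 8 * i;
        p[i] = (uint8_t)(v >> shift);
    }
}

/* Extract the link type from the first 24 bytes of a classic pcap file. */
enum pcap_status pcap_link_type(const uint8_t *buf, size_t len, uint32_t *dlt)
{
    uint32_t magic;
    int big_endian;

    if (len < PCAP_GLOBAL_HDR_LEN)
        return PCAP_TOO_SHORT;

    /* The writer stores the magic in its own byte order, so the byte
     * sequence tells us how to read every other header field. */
    magic = read_u32(buf, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)       /* usec / nsec */
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)  /* byte-swapped */
        big_endian = 0;
    else
        return PCAP_BAD_MAGIC;  /* not a classic pcap file (e.g. pcapng) */

    /* Low 16 bits carry the link type; higher bits may hold FCS info. */
    *dlt = read_u32(buf + PCAP_NETWORK_OFFSET, big_endian) & 0xffffu;
    return PCAP_OK;
}

/* Returns 0..15 for DLT_USER0..DLT_USER15, or -1 if dlt is outside the
 * range that the DLT_User preference table can bind a dissector to. */
int user_dlt_index(uint32_t dlt)
{
    if (dlt < DLT_USER0 || dlt > DLT_USER15)
        return -1;
    return (int)(dlt - DLT_USER0);
}

/* Build a constructed sample header (version 2.4, snaplen 65535). */
void make_pcap_header(uint8_t out[PCAP_GLOBAL_HDR_LEN], int big_endian, uint32_t dlt)
{
    memset(out, 0, PCAP_GLOBAL_HDR_LEN);
    write_u32(out, 0xa1b2c3d4u, big_endian);
    out[big_endian ? 5 : 4] = 2;   /* version_major = 2 */
    out[big_endian ? 7 : 6] = 4;   /* version_minor = 4 */
    write_u32(out + 16, 65535u, big_endian);
    write_u32(out + PCAP_NETWORK_OFFSET, dlt, big_endian);
}

int main(void)
{
    const uint32_t samples[] = { 147, 1, 162 };  /* constructed sample DLTs */
    uint8_t hdr[PCAP_GLOBAL_HDR_LEN];
    uint32_t dlt;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        make_pcap_header(hdr, (int)(i & 1), samples[i]);
        if (pcap_link_type(hdr, sizeof hdr, &dlt) != PCAP_OK) {
            printf("not a classic pcap header\n");
            continue;
        }
        int idx = user_dlt_index(dlt);
        if (idx >= 0)
            printf("link type %u: user DLT slot %d\n", (unsigned)dlt, idx);
        else
            printf("link type %u: not a user DLT, DLT_User will not apply\n",
                   (unsigned)dlt);
    }
    return 0;
}
```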

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-03 Thread Armando Vázquez
Thanks ashis!

When I tried this my protocol does not show up as a valid protocol, why is
that? I tried using my dissector for the header protocol, but it should
also dissect 2 trailer bytes, does that represent a problem? What should I
put in the header size field?

Besides, I've read that using the GUI and editing the DLT_User is the same
as using the function dissector_add_uint(), am I right? If so, why isn't
it working? Should I change something else in pcap-common.c or wtap.c or
wtap.h?


Armando Vázquez Ramírez


On Sat, Mar 3, 2012 at 6:27 AM, ashish goel ashish.kumar.go...@gmail.com wrote:

 Hi Armando,

 There is a way you can do it through the wireshark GUI. Go to preferences ->
 protocols -> DLT_User. Here click on edit and add your protocol on any of
 the User DLTs (147 - 162). But make sure that the pcap file you are
 using has the same DLT value defined in its global header.

 Hope this helps.

 Thanks,
 Ashish

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-03 Thread ashish goel
Hi Armando,

Have you checked if your protocol is registered or not? One way to check
this is to type your protocol's name in Wireshark's Display Filter textbox;
the textbox's background should turn green.
If your protocol is registered and it is not showing as a valid protocol
while adding to the DLT_User encapsulation table then the DLT_user file might
have been corrupted.
Try creating a new workspace and implement your changes into that. It
should work.

2012/3/3 Armando Vázquez avr...@gmail.com

 Thanks ashis!

 When I tried this my protocol does not show up as a valid protocol, why is
 that? I tried using my dissector for the header protocol, but it should
 also dissect 2 trailer bytes, does that represent a problem? What should I
 put in the header size field?

 Besides, I've read that using the GUI and editing the DLT_User is the same
 as using the function dissector_add_uint(), am I right? If so, why isn't
 it working? Should I change something else in pcap-common.c or wtap.c or
 wtap.h?


 Armando Vázquez Ramírez




[Wireshark-dev] How can I register a link layer protocol?

2012-03-02 Thread Armando Vázquez
Hi guys,

I've read the developers guide, README.developer, wiretap plugin wiki and
found no answer. Here is my problem. I'm trying to use Wireshark for
dissecting a pcap capture of a protocol that is not currently defined in
wireshark. So I started writing a plugin, but I haven't been able to
declare or register this dissector so it is enabled as a link layer
dissector. I need to achieve this because this is not an internet protocol,
so I need to identify it in this layer.

I've already read this dev-topic (
http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html) but
I didn't understand it well.

The dissection part works fine, I've tested it using a pcap and nesting it
on top of TCP. I would really appreciate your help.

Also I've added in wtap.h

#define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

static struct encap_type_info encap_table_base[] = {
    ...
    { "RESERVED 138", "res0" },
    { "RESERVED 139", "res1" },
    { "RESERVED 140", "res2" },
    { "RESERVED 141", "res3" },
    { "RESERVED 142", "res4" },
    { "RESERVED 143", "res5" },
    { "RESERVED 144", "res6" },
    { "RESERVED 145", "res7" },
    { "RESERVED 146", "res8" },

    /* WTAP_ENCAP_MYPROTOCOL */
    { "MY PROTOCOL", "myprotocol" }
};

Here are the register and handoff sections of my code

void proto_register_myprotocol (void)
{
    ...

    /* table that sub-dissectors can attach to */
    myprotocol_dissector_table =
        register_dissector_table("myprotocol.proto", "ACN protocol number",
                                 FT_UINT8, BASE_HEX);
    proto_register_field_array (proto_myprotocol, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));
    /* register the dissector by name */
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
                                                proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
    /* Registering this on top of TCP was only to develop the dissection part,
       this won't be present in the release version */
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}
