Hi,
Depending of your dissector complexity, you may even consider ptvcursor API (see README.developer) packet-homeplug.c is an example of the use of ptvcursor which is also working on top of ethernet. If you intend to use proto_tree_* functions, please use proto_tree_add_item instead of proto_tree_add_[uint|string|...] whenever possible. Regards, Sebastien Tandel CANDIA, Fabrice wrote: > Thanks Abhik, ARP dissector is exactly what I need ! > > > -----Message d'origine----- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] la part de Abhik Sarkar > Envoyé : mardi 3 avril 2007 14:03 > À : Developer support list for Wireshark > Objet : Re: [Wireshark-dev] Dissector over Ethernet > > > Hi Fabrice, > > How about the ARP (packet-arp.c) dissector? One of the protocols ARP > runs directly on is Ethernet. That should give you some ideas. > > Maybe packet-llc.c too. > > Hope this helps, > Abhik. > > On 4/3/07, CANDIA, Fabrice <[EMAIL PROTECTED]> wrote: > >> Hi all, >> >> I am looking for a dissector able to decode a specific protocol directly >> over Ethernet (no IP header). >> The dissector shall be able to decode the protocol by detecting the MAC >> destination and one field in the payload. >> I am totally newbie in "wireshark dissection". >> >> Could somebody send me one example of a such type of dissector ? >> >> I tried to start from the foo example described in the developper's guide >> but I am not sure this example is adapted to my needs (dissector over >> Ethernet). >> >> Sincerely, >> >> Fabrice >> >> >> This e-mail is intended only for the above addressee. It may contain >> privileged information. >> If you are not the addressee you must not copy, distribute, disclose or use >> any of the information in it. >> If you have received it in error please delete it and immediately notify the >> sender. >> Security Notice: all e-mail, sent to or from this address, may be accessed >> by someone other than the recipient, for system management and security >> reasons. This access is controlled under Regulation of security reasons. >> This access is controlled under Regulation of Investigatory Powers Act 2000, >> Lawful Business Practises. >> >> >> _______________________________________________ >> Wireshark-dev mailing list >> Wireshark-dev@wireshark.org >> http://www.wireshark.org/mailman/listinfo/wireshark-dev >> >> > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > This mail has originated outside your organization, either from an external > partner or the Global Internet. > Keep this in mind if you answer this message. > > > > This e-mail is intended only for the above addressee. It may contain > privileged information. > If you are not the addressee you must not copy, distribute, disclose or use > any of the information in it. > If you have received it in error please delete it and immediately notify the > sender. > Security Notice: all e-mail, sent to or from this address, may be accessed by > someone other than the recipient, for system management and security reasons. > This access is controlled under Regulation of security reasons. > This access is controlled under Regulation of Investigatory Powers Act 2000, > Lawful Business Practises. > > > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev > _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
