> From: Guy Harris <[EMAIL PROTECTED]>
> Date: Fri, 16 Feb 2007 16:03:41 -0800
>

> On Feb 16, 2007, at 3:28 PM, Ravi Kondamuru wrote:

>

I am trying to write a dissector for a non-standard rpc protocol.
Writing a heuristic to automatically identify the protocol is getting too
complicated. So, I was wondering if I could add a dissector that can be used
when I select a connection and explicitly say Decode As.
Is it possible to do that?

 
 
If your protocol runs directly on top of UDP or TCP, yes. (If it runs on top
of some other RPC protocol - i.e., if by "rpc protocol"  
you mean a protocol that is implemented using some RPC mechanism such as ONC
RPC or DCE RPC - then, no, you can't, and you *shouldn't*; there's already a
mechanism for registering dissectors for ONC RPC-based and DCE RPC-based
protocols.) 
 

If it is, any pointers to notes on how can it be done?

 
 
If your protocol runs on top of UDP, so that you'd want to use "Decode As" to
indicate that a particular UDP port should be used for your protocol, then
call 
        dissector_add_handle("udp.port", {the handle for your dissector});


If your protocol runs on top of TCP, so that you'd want to use "Decode As" to
indicate that a particular TCP port should be used for your protocol, then
call 
        dissector_add_handle("tcp.port", {the handle for your dissector});






---

(Please excuse the email format.  I am cut-n-pasting to a PDA)

Is it possible to add both TCP and UDP handles to a dissector?  I have
successfully built an RPC based dissector but it is only called for TCP
packets.  UDP packets go undissected.

In my proto_reg_handoff I call the canonical rpc_init_prog() and
rpc_init_proc_table which appear to default to the rpc_tcp_handle.

 

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
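
The "Decode As"-only registration described in Guy Harris's reply, sketched as an added example in Wireshark's Lua API rather than the C API used in the thread; it is not code from the thread or from the Wireshark project. The protocol name `myrpc` and its 8-byte header layout are hypothetical, and `add_for_decode_as` assumes a Wireshark version whose Lua API provides it.

```lua
-- Added example: a dissector reachable only through "Decode As".
-- "myrpc" and its header (4-byte transaction ID, 4-byte body length,
-- both big-endian) are hypothetical, constructed for illustration.
local myrpc = Proto("myrpc", "Example non-standard RPC (hypothetical)")

local f_xid  = ProtoField.uint32("myrpc.xid", "Transaction ID", base.HEX)
local f_len  = ProtoField.uint32("myrpc.length", "Body length", base.DEC)
local f_body = ProtoField.bytes("myrpc.body", "Body")
myrpc.fields = { f_xid, f_len, f_body }

local HEADER_LEN = 8

function myrpc.dissector(tvb, pinfo, tree)
    -- The user picked this dissector by hand, so the payload may not be
    -- myrpc at all: never read past what was actually captured.
    if tvb:len() < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "MYRPC"
    local subtree = tree:add(myrpc, tvb())
    subtree:add(f_xid, tvb(0, 4))
    local len_item = subtree:add(f_len, tvb(4, 4))

    -- Treat the length field as untrusted and clamp it to the data present.
    local body_len = tvb(4, 4):uint()
    local avail = tvb:len() - HEADER_LEN
    if body_len > avail then
        len_item:add_expert_info(PI_MALFORMED, PI_WARN,
            "Body length exceeds captured data")
        body_len = avail
    end
    if body_len > 0 then
        subtree:add(f_body, tvb(HEADER_LEN, body_len))
    end
    return HEADER_LEN + body_len
end

-- No port number is claimed here. The dissector is only offered in the
-- "Decode As" dialog for the chosen TCP or UDP port, which avoids writing
-- a heuristic. Registering in both tables covers both transports.
DissectorTable.get("tcp.port"):add_for_decode_as(myrpc)
DissectorTable.get("udp.port"):add_for_decode_as(myrpc)
```

This sketch does not reassemble messages that span several TCP segments.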
