Thanks Ashish! When I tried this my protocol does not show up as a valid protocol, why is that? I tried using my dissector for the header protocol, but it should also dissect 2 trailer bytes, does that represent a problem? What should I put in the header size field?
Besides, I've read that using the GUI and editing the DLT_User is the same as using the function dissector_add_uint(), am I right? If so, why isn't it working? Should I change something else in pcap-common.c or wtap.c or wtap.h?

Armando Vázquez Ramírez

On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.go...@gmail.com> wrote:

> Hi Armando,
>
> There is a way you can do it through the Wireshark GUI. Go to preferences ->
> protocols -> DLT_User. Here click on edit and add your protocol on any of
> the User DLTs (147 - 162). But make sure that the pcap file you are
> using must have defined the same DLT value in its global header.
>
> Hope this helps.
>
> Thanks,
> Ashish
>
> 2012/3/2 Armando Vázquez <avr...@gmail.com>
>
>> Hi guys,
>>
>> I've read the developers guide, README.developer, wiretap plugin wiki and
>> found no answer. Here is my problem. I'm trying to use Wireshark for
>> dissecting a pcap capture of a protocol that is not currently defined in
>> Wireshark. So I started writing a plugin, but I haven't been able to
>> declare or register this dissector so it is enabled as a link layer
>> dissector. I need to achieve this because this is not an internet protocol,
>> so I need to identify it in this layer.
>>
>> I've already read this dev-topic
>> (http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
>> but I didn't understand it well.
>>
>> The dissection part works fine, I've tested it using a pcap and nesting
>> it on top of TCP. I would really appreciate your help.
>>
>> Also I've added in wtap.h
>>
>> #define WTAP_ENCAP_MYPROTOCOL 147
>>
>> and in wtap.c
>>
>> static struct encap_type_info encap_table_base[] = {
>>     ...
>>     { "RESERVED 138", "res0" },
>>     { "RESERVED 139", "res1" },
>>     { "RESERVED 140", "res2" },
>>     { "RESERVED 141", "res3" },
>>     { "RESERVED 142", "res4" },
>>     { "RESERVED 143", "res5" },
>>     { "RESERVED 144", "res6" },
>>     { "RESERVED 145", "res7" },
>>     { "RESERVED 146", "res8" },
>>
>>     /* WTAP_ENCAP_MYPROTOCOL */
>>     { "MY PROTOCOL", "myprotocol" }
>> };
>>
>> Here are the register and handoff sections of my code
>>
>> ----------------------------------------------------------------------------------
>> void proto_register_myprotocol (void)
>> {
>>     ...
>>
>>     myprotocol_dissector_table =
>>         register_dissector_table("myprotocol.proto", "ACN protocol number",
>>                                  FT_UINT8, BASE_HEX);
>>     proto_register_field_array (proto_myprotocol, hf, array_length (hf));
>>     proto_register_subtree_array (ett, array_length (ett));
>>     register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
>> }
>>
>> void proto_reg_handoff_myprotocol(void)
>> {
>>     data_handle = find_dissector("data");
>>     myprotocol_handle = create_dissector_handle(dissect_myprotocol,
>>                                                 proto_myprotocol);
>>
>>     dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
>>     dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
>>     // Registering this on top of TCP was only to develop the dissection part,
>>     // this won't be present in the release version
>> }
>> ----------------------------------------------------------------------------------
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
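
The reply quoted above says the pcap file must carry the same DLT value in its global header as the User DLT entry chosen in the preferences. The following is an added example, not part of the original thread and not Wireshark code: it reads the link-type field of a classic pcap global header, reports whether it falls in the 147 - 162 range, and can rewrite only that field. The function names are hypothetical and the sample header is constructed.

```python
import struct

# Classic pcap magic numbers as they appear on disk -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}
# After the magic: version_major, version_minor, thiszone, sigfigs, snaplen, network
REST = "HHiIII"
USER_DLT_MIN, USER_DLT_MAX = 147, 162   # User DLT range given in the thread


def read_linktype(data: bytes) -> int:
    """Return the link-layer type stored in the 24-byte pcap global header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file (unknown magic)")
    return struct.unpack(order + REST, data[4:24])[-1]


def user_dlt_slot(linktype: int):
    """Return 0..15 if linktype is one of the User DLTs, else None."""
    if USER_DLT_MIN <= linktype <= USER_DLT_MAX:
        return linktype - USER_DLT_MIN
    return None


def retag(data: bytes, new_linktype: int) -> bytes:
    """Copy of the capture with only the header's network field replaced."""
    read_linktype(data)                       # validates length and magic
    order = MAGICS[data[:4]]
    return data[:20] + struct.pack(order + "I", new_linktype) + data[24:]


def make_header(linktype: int, order: str = "<") -> bytes:
    """Constructed sample: a pcap 2.4 global header with no packet records."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)


if __name__ == "__main__":
    capture = make_header(1)                  # constructed: tagged as DLT 1
    print(read_linktype(capture), user_dlt_slot(read_linktype(capture)))
    fixed = retag(capture, 147)
    print(read_linktype(fixed), user_dlt_slot(read_linktype(fixed)))
```

A capture whose header value is outside 147 - 162 will not be handed to a dissector configured under DLT_User, whatever that dissector registers.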