Thanks ashis!

When I tried this, my protocol does not show up as a valid protocol. Why is
that? I tried using my dissector for the header protocol, but it should
also dissect 2 trailer bytes. Does that represent a problem? What should I
put in the header size field?

Besides, I've read that using the GUI and editing the DLT_User is the same
as using the function dissector_add_uint(), am I right? If so, why isn't
it working? Should I change something else in pcap-common.c or wtap.c or
wtap.h?


Armando Vázquez Ramírez


On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.go...@gmail.com> wrote:

> Hi Armando,
>
> There is a way you can do it through the Wireshark GUI. Go to preferences ->
> protocols -> DLT_User. Here click on edit and add your protocol on any of
> the User DLTs (147 - 162). But make sure that the pcap file you are
> using has the same DLT value defined in its global header.
>
> Hope this helps.
>
> Thanks,
> Ashish
> 2012/3/2 Armando Vázquez <avr...@gmail.com>
>
>> Hi guys,
>>
>> I've read the developers guide, README.developer, wiretap plugin wiki and
>> found no answer. Here is my problem. I'm trying to use Wireshark for
>> dissecting a pcap capture of a protocol that is not currently defined in
>> Wireshark. So I started writing a plugin, but I haven't been able to
>> declare or register this dissector so it is enabled as a link layer
>> dissector. I need to achieve this because this is not an Internet protocol,
>> so I need to identify it in this layer.
>>
>> I've already read this dev-topic (
>> http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
>> but I didn't understand it well.
>>
>> The dissection part works fine, I've tested it using a pcap and nesting
>> it on top of TCP. I would really appreciate your help.
>>
>> Also I've added in wtap.h
>>
>> #define WTAP_ENCAP_MYPROTOCOL 147
>>
>> and in wtap.c
>>
>> static struct encap_type_info encap_table_base[] = {
>> ...
>>     { "RESERVED 138", "res0" },
>>     { "RESERVED 139", "res1" },
>>     { "RESERVED 140", "res2" },
>>     { "RESERVED 141", "res3" },
>>     { "RESERVED 142", "res4" },
>>     { "RESERVED 143", "res5" },
>>     { "RESERVED 144", "res6" },
>>     { "RESERVED 145", "res7" },
>>     { "RESERVED 146", "res8" },
>>
>>     /* WTAP_ENCAP_MYPROTOCOL */
>>     { "MY PROTOCOL", "myprotocol" }
>> };
>>
>> Here are the register and handoff sections of my code
>>
>>
>> ----------------------------------------------------------------------------------
>> void proto_register_myprotocol (void)
>> {
>> ...
>>
>>     myprotocol_dissector_table =
>>         register_dissector_table("myprotocol.proto", "ACN protocol number",
>>                                  FT_UINT8, BASE_HEX);
>>     proto_register_field_array (proto_myprotocol, hf, array_length (hf));
>>     proto_register_subtree_array (ett, array_length (ett));
>>     register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
>> }
>>
>> void proto_reg_handoff_myprotocol(void)
>> {
>>     data_handle = find_dissector("data");
>>     myprotocol_handle = create_dissector_handle(dissect_myprotocol,
>>                                                 proto_myprotocol);
>>
>>     dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
>>     /* Registering this on top of TCP was only to develop the dissection
>>        part, this won't be present in the release version */
>>     dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
>> }
>>
>>
>> ----------------------------------------------------------------------------------
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>>
>
>
>
> --
> Thanks,
> Ashish
