Hi Armando,

Have you checked whether your protocol is registered? One way to check
this is to type your protocol's name in Wireshark's Display Filter textbox;
the textbox's background should turn green.
If your protocol is registered and it is not showing as a valid protocol
while adding it to the DLT_User encapsulation table, then the DLT_User file
might have been corrupted.
Try creating a new workspace and implementing your changes in that. It
should work.

2012/3/3 Armando Vázquez <avr...@gmail.com>

> Thanks ashis!
>
> When I tried this my protocol does not show up as a valid protocol, why is
> that? I tried using my dissector for the header protocol, but it should
> also dissect 2 trailer bytes, does that represent a problem? What should I
> put in the header size field?
>
> Besides, I've read that using the GUI and editing the DLT_User is the same
> as using the function dissector_add_uint(), am I right? If so, why isn't
> it working? Should I change something else in pcap-common.c or wtap.c or
> wtap.h?
>
>
> Armando Vázquez Ramírez
>
>
>
> On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.go...@gmail.com> wrote:
>
>> Hi Armando,
>>
>> There is a way you can do it through the Wireshark GUI. Go to preferences ->
>> protocols -> DLT_User. Here click on edit and add your protocol on any of
>> the User DLTs (147 - 162). But make sure that the pcap file you are
>> using has the same DLT value defined in its global header.
>>
>> Hope this helps.
>>
>> Thanks,
>> Ashish
>> 2012/3/2 Armando Vázquez <avr...@gmail.com>
>>
>>> Hi guys,
>>>
>>> I've read the developer's guide, README.developer, wiretap plugin wiki
>>> and found no answer. Here is my problem. I'm trying to use Wireshark for
>>> dissecting a pcap capture of a protocol that is not currently defined in
>>> Wireshark. So I started writing a plugin, but I haven't been able to
>>> declare or register this dissector so it is enabled as a link layer
>>> dissector. I need to achieve this because this is not an internet protocol,
>>> so I need to identify it in this layer.
>>>
>>> I've already read this dev-topic (
>>> http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
>>> but I didn't understand it well.
>>>
>>> The dissection part works fine, I've tested it using a pcap and nesting
>>> it on top of TCP. I would really appreciate your help.
>>>
>>> Also I've added in wtap.h
>>>
>>> #define WTAP_ENCAP_MYPROTOCOL 147
>>>
>>> and in wtap.c
>>>
>>> static struct encap_type_info encap_table_base[] = {
>>> ...
>>>     { "RESERVED 138", "res0" },
>>>     { "RESERVED 139", "res1" },
>>>     { "RESERVED 140", "res2" },
>>>     { "RESERVED 141", "res3" },
>>>     { "RESERVED 142", "res4" },
>>>     { "RESERVED 143", "res5" },
>>>     { "RESERVED 144", "res6" },
>>>     { "RESERVED 145", "res7" },
>>>     { "RESERVED 146", "res8" },
>>>
>>>     /* WTAP_ENCAP_MYPROTOCOL */
>>>     { "MY PROTOCOL", "myprotocol" }
>>> };
>>>
>>> Here are the register and handoff sections of my code
>>>
>>>
>>> ----------------------------------------------------------------------------------
>>> void proto_register_myprotocol (void)
>>> {
>>> ...
>>>
>>>     myprotocol_dissector_table =
>>>         register_dissector_table("myprotocol.proto", "ACN protocol number",
>>>                                  FT_UINT8, BASE_HEX);
>>>     proto_register_field_array (proto_myprotocol, hf, array_length (hf));
>>>     proto_register_subtree_array (ett, array_length (ett));
>>>     register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
>>> }
>>>
>>> void proto_reg_handoff_myprotocol(void)
>>> {
>>>     data_handle = find_dissector("data");
>>>     myprotocol_handle = create_dissector_handle(dissect_myprotocol,
>>>                                                 proto_myprotocol);
>>>
>>>     dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
>>>
>>>     /* Registering this on top of TCP was only to develop the dissection
>>>      * part, this won't be present in the release version */
>>>     dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
>>> }
>>>
>>> ----------------------------------------------------------------------------------
>>>
>>> This document is strictly confidential and intended only for use by the
>>> addressee unless otherwise stated.  If you are not the intended recipient,
>>> please notify the sender immediately and delete it from your system.
>>>
>>> ___________________________________________________________________________
>>> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
>>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>>             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>>>
>>
>>
>>
>> --
>> Thanks,
>> Ashish
>>
>



-- 
Thanks,
Ashish
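
Added example, not part of the original thread or of Wireshark's code: the advice quoted above, that the pcap file's global header must carry the same DLT value as the DLT_User entry, can be checked by reading the header directly. The function name, the result keys and the two sample headers are constructed for illustration.

```python
import struct
import sys

USER_DLTS = range(147, 163)  # User DLTs 147-162, the range named in the thread
PCAPNG_MAGIC = 0x0A0D0D0A    # pcapng section header block, not classic pcap

# First four bytes read big-endian -> (struct byte order, timestamp resolution)
MAGICS = {
    0xA1B2C3D4: (">", "microseconds"),
    0xD4C3B2A1: ("<", "microseconds"),
    0xA1B23C4D: (">", "nanoseconds"),
    0x4D3CB2A1: ("<", "nanoseconds"),
}


def read_pcap_linktype(header: bytes) -> dict:
    """Parse a classic pcap global header (24 bytes) and report its DLT."""
    if len(header) < 4:
        raise ValueError("too short to hold a magic number")
    (magic,) = struct.unpack(">I", header[:4])
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng: link type is stored per interface, not globally")
    if magic not in MAGICS:
        raise ValueError(f"not a pcap file (magic 0x{magic:08x})")
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    order, resolution = MAGICS[magic]
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", header[4:24])
    return {
        "version": (major, minor),
        "resolution": resolution,
        "snaplen": snaplen,
        "linktype": network,
        "is_user_dlt": network in USER_DLTS,
    }


# Constructed sample headers (not taken from any real capture)
SAMPLE_USER0 = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)
SAMPLE_ETHERNET_BE = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(read_pcap_linktype(fh.read(24)))
    else:
        print(read_pcap_linktype(SAMPLE_USER0))
```

If "linktype" is not the DLT chosen in the DLT_User table, Wireshark will not hand the frames to the dissector configured there.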