Wireshark mailing list archives
Re: Best practice for dissecting modular protocol
From: Stephen Fisher <steve () stephen-fisher com>
Date: Fri, 18 Dec 2009 02:56:30 -0700
On Dec 18, 2009, at 2:11 AM, Jan Gerbecks wrote:
------------------------------------------------------------------------------------------------------------------------------------------------------------- | FieldID 8bit | Length 16 bit | Data as specified in FieldId and described by length | FieldID | Length | Data|--- | -------------------------------------------------------------------------------------------------------------------------------------------------------------
This looks just like the common Type-Length-Value (TLV) format (http://en.wikipedia.org/wiki/Type-length-value ) used in protocols such as Cisco Discovery Protocol (CDP) and many others. Unfortunately, Wireshark does not have built-in routines for easily handling TLV data right now. Try looking at how the CDP dissector handles it (epan/dissectors/packet-cdp.c). Maybe others can suggest a better example dissector.
To dissect this correctly, I could obviously try to define the maximum number of PNRP Ids in the hf_register_info hf[] Array but that doesn't seem like a very elegant solution.
I had a look at the vnc dissector but it didn't quite solved the same problem.
Yeah.. As the writer of a lot of the VNC dissector, I would say that it's probably not a good example as the total length of the nested messages in VNC usually isn't known at the beginning of the message, so it's kind of a hack to get it to work at all :). Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Best practice for dissecting modular protocol Jan Gerbecks (Dec 18)
- Re: Best practice for dissecting modular protocol Stephen Fisher (Dec 18)
- Re: Best practice for dissecting modular protocol Jan Gerbecks (Dec 18)
- Re: Best practice for dissecting modular protocol Stephen Fisher (Dec 18)