Wireshark mailing list archives
Re: switch between protocols
From: Lange Jan-Erik <Jan-Erik.Lange () haw-hamburg de>
Date: Thu, 9 Dec 2010 08:52:38 +0100
I realized the behavior using a heuristic dissector now and it works. In my case it is a low-level protocol that isn't even based on Ethernet. I use wtap_encap for reading.

But the method with the dissector handoff table sounds interesting to me. Unfortunately I don't have any information about realizing this in my code. In README.developer I didn't find advanced dissecting techniques like this. There are only simple dissectors described.

Do you know which file contains an example of such a "dissector handoff table"?

________________________________________
From: wireshark-dev-bounces () wireshark org [wireshark-dev-bounces () wireshark org] on behalf of Guy Harris [guy () alum mit edu]
Sent: Wednesday, December 8, 2010 19:01
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] switch between protocols

On Dec 8, 2010, at 7:39 AM, Christopher Maynard wrote:

Lange Jan-Erik <Jan-Erik.Lange@...> writes:

Dependent on the value of a type field I want to dissect a packet with protocol A or protocol B. Is this a typical application for the use of a heuristic dissector? Or how can I realize the switch between the two protocols?

A heuristic dissector is basically one that is handed a tvb and it must try to guess whether the data contained within the tvb is relevant to that particular dissector or not. In this case, it doesn't sound to me like a heuristic dissector would apply. Rather, if you have protocol X that contains a type field, such that when that type field is a specific value, 'A' for instance, you always know that the payload is protocol A, then you probably just want to directly call the dissector for protocol A.

Or you could have the dissector for the protocol containing the type field create a dissector handoff table, have the dissectors for protocols A and B register in that table with the appropriate values for the type field, and have the dissector for the protocol containing the type field use the handoff table in a call to dissector_try_port().

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
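The handoff-table approach described in the quoted reply above, as an added stand-alone C model that is not part of the original thread and is not Wireshark code. It goes slightly beyond the message by also showing the fallback for unknown types and truncated payloads; every function name, the table layout and the type values 0x41/0x42 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-alone model of a handoff table. All names are hypothetical;
 * none of this is Wireshark's API. */
typedef int (*subdissector_fn)(const uint8_t *payload, size_t len);

static subdissector_fn handoff_table[256]; /* one slot per 1-byte type value */

/* Protocols A and B call this at registration time with their type value. */
static void handoff_add(uint8_t type, subdissector_fn fn) { handoff_table[type] = fn; }

/* Plays the role the thread gives to dissector_try_port(): returns 1 if a
 * registered sub-dissector accepted the payload, 0 otherwise. */
static int handoff_try(uint8_t type, const uint8_t *payload, size_t len) {
    subdissector_fn fn = handoff_table[type];
    return fn != NULL && fn(payload, len);
}

/* Constructed sub-dissectors: each checks the length before claiming data. */
static int last_proto; /* set by whichever sub-dissector accepted the payload */
static int dissect_a(const uint8_t *p, size_t n) { (void)p; if (n < 2) return 0; last_proto = 'A'; return 1; }
static int dissect_b(const uint8_t *p, size_t n) { (void)p; if (n < 4) return 0; last_proto = 'B'; return 1; }

static void register_handoffs(void) {
    handoff_add(0x41, dissect_a); /* constructed type values */
    handoff_add(0x42, dissect_b);
}

/* Protocol X: a 1-byte type field followed by the payload.
 * Returns 'A' or 'B' when the payload was handed off, 'D' when it is left
 * as raw data (unknown type or rejected payload), and 0 when the packet is
 * too short to contain the type field. */
static int dissect_x(const uint8_t *pkt, size_t len) {
    if (pkt == NULL || len < 1)
        return 0; /* never read past the captured bytes */
    int handled = handoff_try(pkt[0], pkt + 1, len - 1);
    return handled ? last_proto : 'D';
}

int main(void) {
    static const uint8_t pkt[] = { 0x41, 0x01, 0x02 }; /* constructed sample */
    register_handoffs();
    return dissect_x(pkt, sizeof pkt) == 'A' ? 0 : 1;
}
```
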