Wireshark mailing list archives
Use of wireshark to interpret input data that does not depend on any other existing protocols
From: Mrunal Upadhyay <m.upadhyay () sta samsung com>
Date: Thu, 21 Apr 2011 01:19:34 -0500
Hi All,

I am adding a new protocol to Wireshark that does not rely or depend on any other protocols (tcp, udp, ethernet, ppp, etc.). I will be thankful if anyone can help me understand the following things:

1. I have written the protocol dissector for my unique protocol. But how do I differentiate the input packets in the .pcap file so that only my protocol dissector gets called to process the data? And how can I add uniqueness to the input data stream to customize it to my protocol? Is the protocol identified by means of some common pattern in the input stream of bytes? If that is the case, how can I do that?

2. What is the difference between the dissector table and the encapsulation table?

I have understood how the protocol dissector encodes the input data and displays it in a tree based on the formatting defined by the static arrays ett and hf. What steps do I need to perform in order to write a protocol dissector that does not depend on any existing protocols, and to customize the input data in the pcap file so that my protocol dissector gets called only when it comes across correct input data?

Mrunal