Hello,

I'm new to Wireshark development and have read the README.developer only 1 time 
so far. *smile*
I've finally got a development environment with MS VC++ 6 and Cygwin working, 
and I've built Wireshark and have it running from the source. I then built a 
"dissector" with very little/nothing in it, and I can see it in the "enable 
dissectors" list, but I can't seem to select it to "force" a packet to be 
dissected with it, etc. So, with my (non-plug-in) dissector, I have a build 
that works correctly, it appears, but my dissector doesn't yet do anything 
useful.

Now, before I do anything useful with it, I wanted to see it at least get 
"hooked into" Wireshark so it'll be called when appropriate.
I'm trying to figure out exactly how to get an existing dissector (is that an 
upper or lower one? And I'm not sure exactly what one would call my dissector(s)) 
to call a new dissector I'm going to write (maybe it's really called a 
sub-dissector?). Actually, I have a few different ones I need to write, and so 
I need to have "hooks" in for a few different cases.

Here are the cases:
a) I have a "protocol" that has a 0x6100 in the "ethertype" field of an 
Ethernet packet. How do I get one of the dissectors to call mine if it sees 
this in the packet?
I also have 2 more "protocols" that are similar with 0x6101 and 0x6102 in that 
field.
I don't have the capture file in front of me to be more specific.

b) I have a set of messages that are IP/UDP, and they have specific information 
in the first few bytes of the "data" part of a UDP packet. How do I "hook in" 
my dissector for this case?

Any help is greatly appreciated.