Thanks Steve. Your approach helped me in getting to invoke the http dissector. However, the entire tcp conversation is also being dissected as http. I just want the first request-response packets to be interpreted as http and not the rest. Is there a way to choose the packets in the trace that can be dissected as http and not the entire conversation?

Below are the first 3 packets from the trace. I would like to not treat the packets from the 3rd as HTTP. That's where the custom protocol data is.

    Frame 151 (156 bytes on wire, 156 bytes captured)
    Ethernet II, Src: Ibm_ae:9c:f5 (00:11:25:ae:9c:f5), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
    Internet Protocol, Src: 10.216.132.102 (10.216.132.102), Dst: 10.102.32.56 ( 10.102.32.56)
    Transmission Control Protocol, Src Port: 3560 (3560), Dst Port: http (80), Seq: 1, Ack: 1, Len: 102
    Hypertext Transfer Protocol
        GET /test.pl HTTP/1.1\r\n
        \r\n

    Frame 162 (198 bytes on wire, 198 bytes captured)
    Ethernet II, Src: Cisco_23:1a:c0 (00:15:c7:23:1a:c0), Dst: Ibm_ae:9c:f5 (00:11:25:ae:9c:f5)
    Internet Protocol, Src: 10.102.32.56 (10.102.32.56), Dst: 10.216.132.102 ( 10.216.132.102)
    Transmission Control Protocol, Src Port: http (80), Dst Port: 3560 (3560), Seq: 1, Ack: 103, Len: 144
    Hypertext Transfer Protocol
        HTTP/1.1 200 OK\r\n
        Content-Type: text/html\r\n
        Cache-control: no-cache\r\n
        Pragma: no-cache\r\n
        Content-Length: 0\r\n
        \r\n

    Frame 746 (134 bytes on wire, 134 bytes captured)
    Ethernet II, Src: Ibm_ae:9c:f5 (00:11:25:ae:9c:f5), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
    Internet Protocol, Src: 10.216.132.102 (10.216.132.102), Dst: 10.102.32.56 ( 10.102.32.56)
    Transmission Control Protocol, Src Port: 3560 (3560), Dst Port: http (80), Seq: 103, Ack: 145, Len: 80
    Hypertext Transfer Protocol
        Data (80 bytes)

thanks,
Ravi.

*From*: Stephen Fisher <[EMAIL PROTECTED]>
*Date*: Sat, 16 Jun 2007 18:16:04 -0700

On Sat, Jun 16, 2007 at 05:34:08PM -0700, Ravi Kondamuru wrote:
I am implementing a tcp based custom protocol dissector. Each tcp conversation starts with a http request-response followed by a series of custom protocol data exchanges. I have been able to implement dissecting the custom protocol, however for the initial request/response, I am not able to figure out how to call the tcp sub-dissectors to take care of dissecting it. I have some rudimentary mechanism to identify if it is a http packet or a custom data packet.
Try looking at the http_payload_subdissector function in epan/dissectors/packet-http.c to see how it calls the tcp sub-dissectors based on the destination port number of a "CONNECT <hostname>:<port>" request seen in the HTTP part of the conversation. Specifically look at this call:

    dissect_tcp_payload(next_tvb, pinfo, 0, tcpinfo->seq, /* 0 = offset */
                        tcpinfo->nxtseq, dissect_as, pinfo->destport,
                        tree, tree, tcpd);

Let us know if you need further assistance.

Steve
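One way to decide, segment by segment, which payloads to hand to the HTTP dissector and which to treat as custom data, written as a stand-alone added example that is not code from this thread or from Wireshark. The `conv_state` struct and the `classify` function are hypothetical names, and the sketch assumes each HTTP message fits in one TCP segment, as in the trace above, and does not check packet direction.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum proto { PROTO_HTTP, PROTO_CUSTOM };

/* Hypothetical per-TCP-conversation state; zero-initialise for a new conversation. */
struct conv_state { int request_seen; int response_seen; };

static int has_prefix(const unsigned char *p, size_t len, const char *s)
{
    size_t n = strlen(s);
    return len >= n && memcmp(p, s, n) == 0;
}

static int is_http_request(const unsigned char *p, size_t len)
{
    static const char *const methods[] = { "GET ", "POST ", "HEAD ", "PUT " };
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++)
        if (has_prefix(p, len, methods[i]))
            return 1;
    return 0;
}

/* Only the first request and the first response after it count as HTTP.
 * Once both are seen, everything is custom data, even a payload that
 * happens to begin with "GET " or "HTTP/1.". */
enum proto classify(struct conv_state *st, const unsigned char *p, size_t len)
{
    if (!st->request_seen && is_http_request(p, len)) {
        st->request_seen = 1;
        return PROTO_HTTP;
    }
    if (st->request_seen && !st->response_seen && has_prefix(p, len, "HTTP/1.")) {
        st->response_seen = 1;
        return PROTO_HTTP;
    }
    return PROTO_CUSTOM;
}

int main(void)
{
    /* Constructed payloads modelled on frames 151, 162 and 746 above. */
    const char *seg[] = { "GET /test.pl HTTP/1.1\r\n\r\n",
                          "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
                          "GET custom bytes" };
    struct conv_state st = { 0, 0 };
    for (size_t i = 0; i < 3; i++)
        printf("segment %zu: %s\n", i, classify(&st, (const unsigned char *)seg[i],
               strlen(seg[i])) == PROTO_HTTP ? "http" : "custom");
    return 0;
}
```

Inside a real dissector the verdict has to be recorded per frame on the first pass, because Wireshark dissects already-seen frames again, in arbitrary order, when the user selects them.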
