Thank you very very much, Holger!!
 
 
Using heur_dissector, it seems I have to dissect the whole frame including the MAC
address, even though the header is in perfect Ethernet II frame format?
 
Regards
Nan
 


Date: Thu, 21 Feb 2008 09:15:26 +0100
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can only be digged out by its Dst Mac or Vlan I

Hi Nan,
 
you can easily register to a MAC address or any other byte in a frame by using 
a heuristic dissector.
 
Register the dissector:
heur_dissector_add("eth", dissect_foo_heur, proto_foo);
 
 
Use this dissector function:
static gboolean dissect_foo_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  /* check if destination MAC equals 01:02:03:04:05:06 */
  if ( (tvb_get_guint8(tvb, 0) == 0x01) &&
       (tvb_get_guint8(tvb, 1) == 0x02) &&
       (tvb_get_guint8(tvb, 2) == 0x03) &&
       (tvb_get_guint8(tvb, 3) == 0x04) &&
       (tvb_get_guint8(tvb, 4) == 0x05) &&
       (tvb_get_guint8(tvb, 5) == 0x06) )
  {
    /* do dissecting */
  }
  else
  {
    /* MAC does not match: return FALSE so other dissectors can try the frame */
    return FALSE;
  }

  /* the frame was claimed and dissected by this dissector */
  return TRUE;
}
 
 
This works perfect for me.
 
Holger
 
 
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of yenan
Sent: Thursday, 21 February 2008 02:00
To: [EMAIL PROTECTED]
Subject: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? It can only be digged out by its Dst Mac or Vlan I
 
Hi folks:

I'm writing a plugin for a packet stored in the payload of a standard
"802.1Q Virtual LAN" packet. This packet does not have a protocol itself; it can
only be dug out by its Dst MAC address or VLAN ID. How could I dissect such a
packet?

I tried to use register_dissector_table() in vlan.c to create a
dissector table for "vlan.id", and in the plugin I used dissector_add() trying
to call the dissector, but it won't work! So, should I also use
dissector_try_port()? What should I pass in these functions? Is there any
information I can read to learn about these functions?

And a last question: if I try to dig out the packet by its dst MAC address,
what should I do? I found out the addresses are in FT_ETHER type; how can I
handle such types?

I went through README.developer a couple of times and still know very little
about Wireshark. Are there any more documents that explain the functions and
structures in more detail?

Really need help! Thanks millions! Any information will be greatly appreciated!

Nan



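Added example (not part of the original thread and not Wireshark code): when the check runs over the whole frame, as the follow-up at the top describes, the dissector has to skip the Ethernet II header and any 802.1Q tag itself before reaching the payload. The plain-C sketch below stands in for the tvb accessors; the name foo_payload_offset, the VLAN ID 100 and the sample frames are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14       /* dst MAC + src MAC + EtherType */
#define VLAN_TAG_LEN 4        /* TPID 0x8100 + TCI */
#define FOO_VLAN_ID  100      /* assumed VLAN ID, for illustration only */
static const uint8_t FOO_DST_MAC[6] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06};

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Offset of the foo payload in a whole Ethernet II frame, or -1 if the frame
 * is truncated or matches neither criterion. *vid is -1 for untagged frames. */
static int foo_payload_offset(const uint8_t *frame, size_t len, int *vid)
{
    size_t off = ETH_HDR_LEN;

    *vid = -1;
    if (len < ETH_HDR_LEN)
        return -1;                        /* never read past the captured bytes */
    if (be16(frame + 12) == 0x8100) {     /* 802.1Q tag present */
        if (len < ETH_HDR_LEN + VLAN_TAG_LEN)
            return -1;                    /* tag announced but cut off */
        *vid = be16(frame + 14) & 0x0FFF; /* VLAN ID = low 12 bits of the TCI */
        off += VLAN_TAG_LEN;
    }
    if (memcmp(frame, FOO_DST_MAC, 6) != 0 && *vid != FOO_VLAN_ID)
        return -1;                        /* not ours: let other dissectors try */
    return (int)off;
}

/* Constructed sample frames, not captured traffic. */
static const uint8_t TAGGED[] = {         /* other dst MAC, priority 3, VLAN 100 */
    0xaa,0xbb,0xcc,0xdd,0xee,0xff, 0x02,0,0,0,0,0x01,
    0x81,0x00, 0x60,0x64, 0x88,0xb5, 0xde,0xad };
static const uint8_t UNTAGGED[] = {       /* matching dst MAC, no VLAN tag */
    0x01,0x02,0x03,0x04,0x05,0x06, 0x02,0,0,0,0,0x01, 0x88,0xb5, 0xbe,0xef };

int main(void)
{
    int vid;
    printf("tagged:   offset %d", foo_payload_offset(TAGGED, sizeof TAGGED, &vid));
    printf(" vid %d\n", vid);
    printf("untagged: offset %d", foo_payload_offset(UNTAGGED, sizeof UNTAGGED, &vid));
    printf(" vid %d\n", vid);
    return 0;
}
```

Masking the TCI with 0x0FFF matters: the tagged sample carries priority bits, so comparing the raw 16-bit field against the VLAN ID would miss it.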