Hi Eddie,
I'm almost a beginner so maybe I'm wrong, but here is what I suppose:
udp.proto doesn't exist; if you want to dissect all frames that contain udp
protocol, you should use:
dissector_add("ip.proto", 0x11, red_handle)
but in this case you lose the UDP dissection (and your dissection will be
eth:ip:red) and maybe create a conflict (I think it can work if you disable the
UDP protocol in WS).
The parameter you give in "dissector_add" should be an expression associated
with an hf_field in the lower dissector (in your case, UDP), so all the filter
expressions you can find in the WS filter toolbar should work.
So in your case, you should use:
dissector_add("udp.length", your_length, red_handle)
where your_length is the length of your protocol (i.e. the UDP payload) + the 8
bytes of UDP header.
Also use tcp.pdu.size or tcp.len (I don't know the difference or whether the
length includes the header because I don't use the TCP protocol; check in
packet-tcp.c how they are defined).
Hoping my help will be useful,
Yvan
________________________________
From: "[email protected]" <[email protected]>
To: [email protected]
Sent: Thursday, 23 April 2009, 12:41:02
Subject: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter
for dissector_add()
Hello,
I'm writing a dissector and there is a problem:
I want to dissect all TCP and UDP protocols (actually I only want to dissect
protocols with a special data length, but tvb_length(tvb) doesn't work before
initializing.)
So I tried dissector_add("udp.proto", 0x11, red_handle) to dissect all packages
and later I want to look for the data length. But when I start Wireshark an
error message appears:
Runtime Error!
Program: C:\wireshark\wireshark-gtk2\wireshark.exe
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
I don't know if "udp.proto" is the right parameter. Is there a list with
parameters for dissector_add()?
Or is there another way to dissect only packages with a special data length?
Thank you for the help
Eddie
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
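Added example, not part of the thread and not Wireshark's own code: Wireshark's heuristic dissector lists let a dissector inspect the payload and accept or reject each packet, which fits the question of dissecting only packets with a particular data length. It is written as a Wireshark Lua script; the protocol name "red", the field name "red.payload" and the value of RED_PAYLOAD_LEN are assumptions made for illustration.

```lua
-- Assumption: the custom protocol always carries a fixed-size payload.
local RED_PAYLOAD_LEN = 32

local red = Proto("red", "RED Protocol (example)")
local f_payload = ProtoField.bytes("red.payload", "Payload")
red.fields = { f_payload }

-- Regular dissector body. It is only reached for packets that the
-- heuristic below has already accepted.
function red.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "RED"
    local subtree = tree:add(red, tvb(), "RED Protocol")
    subtree:add(f_payload, tvb())
    return tvb:len()
end

-- Heuristic: called with the UDP (or TCP) payload as tvb.
-- Returning false hands the packet on to the other dissectors.
local function red_heuristic(tvb, pinfo, tree)
    -- reported_len() is the length on the wire; len() is what was
    -- actually captured and can be shorter when a snaplen was set.
    if tvb:reported_len() ~= RED_PAYLOAD_LEN then
        return false
    end
    if tvb:len() < RED_PAYLOAD_LEN then
        return false    -- truncated capture: do not read past the data
    end
    -- Caveat: length alone is a weak test and will also claim unrelated
    -- traffic of the same size. If the protocol has a fixed header
    -- value, check it here before accepting.
    red.dissector(tvb, pinfo, tree)
    return true
end

-- "udp" and "tcp" are the heuristic lists offered by those dissectors.
-- For TCP the tvb is one segment's payload, not a reassembled message.
red:register_heuristic("udp", red_heuristic)
red:register_heuristic("tcp", red_heuristic)
```

Because the heuristic returns false for every other length, normal UDP and TCP dissection of the remaining traffic is unaffected.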