On Apr 23, 2009, at 1:24 PM, Andrew Kleinerman wrote:

> My current project is integrating a small protocol into Wireshark for
> analysis and I feel a little out of my depth.  The protocol is sent
> over TCP on a non-standard port and uses the Sun XDR RPC.

Do you mean "use XDR" or "use RPC"?

If you're just using XDR, take a look at the NDMP dissector
(epan/dissectors/packet-ndmp.c); that's an example of a protocol using XDR
*without* being based on ONC RPC.

If you use RPC...

>  I went
> through the step-by-step guide of creating a basic dissector, and
> Wireshark will recognize it as the new protocol.  However, my problem
> is that I cannot call dissect_rpc or dissect_rpc_tcp from my dissector
> (I'm assuming for some good reason) to dissect the RPC.

...then, in Soviet Wireshark, RPC dissector calls YOU!  (Sorry, I  
couldn't resist. :-))

I.e., if your dissector uses ONC RPC, when your dissector registers  
its program number (with rpc_init_prog()) and its handlers for its  
procedures (with rpc_init_proc_table()), that tells the RPC dissector  
how to recognize your protocol; it will call the handlers for your  
procedures when it recognizes a call to or reply from one of them.

See, for example, epan/dissectors/packet-rwall.c.

> So I'm
> guessing I have to make the RPC dissector properly see it on a
> different port (is that right?).

No.  The RPC dissector will handle that for you - it doesn't care what  
port the traffic uses, as the only ONC RPC-based protocol that  
*requires* a particular port number is the portmapper/rpcbind protocol  
(because it's the protocol that's used to find the particular port  
number/transport-layer address, on a particular server, that a  
particular RPC program uses).
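The recognition logic described in the reply above, modelled as an added Python example (not Wireshark's code and not part of the original message): an ONC RPC message on TCP is identified from the program, version and procedure numbers in its record-marked call header, and replies are matched to calls by XID, so the port never enters into it. The program number 0x20000099, its procedure names and the sample bytes are constructed for illustration.

```python
import struct

# Hypothetical program: number, version and procedure names are constructed for this example.
DEMO_PROG, DEMO_VERS = 0x20000099, 1
REGISTRY = {(DEMO_PROG, DEMO_VERS): {0: "NULL", 1: "GET_STATUS"}}
CALL, REPLY = 0, 1

def read_record(stream):
    """Reassemble one record-marked RPC message from a TCP byte stream; return (msg, rest)."""
    msg, off = b"", 0
    while True:
        if off + 4 > len(stream):
            raise ValueError("truncated record mark")
        (mark,) = struct.unpack_from(">I", stream, off)
        last, length = mark >> 31, mark & 0x7FFFFFFF  # top bit flags the last fragment
        off += 4
        if off + length > len(stream):
            raise ValueError("truncated fragment")
        msg += stream[off:off + length]
        off += length
        if last:
            return msg, stream[off:]

def skip_opaque_auth(msg, off):
    """Skip one opaque_auth: flavor, length, then a body padded to a 4-byte boundary."""
    _flavor, length = struct.unpack_from(">II", msg, off)
    if length > 400:  # the RPC specification caps opaque_auth bodies at 400 bytes
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)

def classify(msg, pending):
    """Identify a message by program number, never by port. `pending` maps xid -> call."""
    xid, mtype = struct.unpack_from(">II", msg, 0)
    if mtype == CALL:
        rpcvers, prog, vers, proc = struct.unpack_from(">IIII", msg, 8)
        procs = REGISTRY.get((prog, vers))
        if rpcvers != 2 or procs is None:
            return None  # not ONC RPC version 2, or no handler table registered
        off = skip_opaque_auth(msg, skip_opaque_auth(msg, 24))  # credential, then verifier
        pending[xid] = (prog, vers, proc)
        return ("call", procs.get(proc, "unknown"), msg[off:])
    if mtype == REPLY and xid in pending:
        prog, vers, proc = pending.pop(xid)  # a reply carries no program number
        return ("reply", REGISTRY[(prog, vers)].get(proc, "unknown"), msg[8:])
    return None

# Constructed sample: GET_STATUS call, AUTH_NONE credential and verifier, one XDR uint argument.
SAMPLE_CALL = struct.pack(">11I", 0x1234, CALL, 2, DEMO_PROG, DEMO_VERS, 1, 0, 0, 0, 0, 7)
SAMPLE_STREAM = struct.pack(">I", 0x80000000 | len(SAMPLE_CALL)) + SAMPLE_CALL
```

The returned byte string is the XDR-encoded argument or result body that a per-procedure handler would then decode.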