Thanks Steve, the CDP dissector looks very promising, but I am still open to other suggestions ;) Will try to find a CDP trace with a bit more information than in the ones uploaded to the Wireshark wiki.

Jan

On 18.12.2009, at 10:56, Stephen Fisher wrote:

>
> On Dec 18, 2009, at 2:11 AM, Jan Gerbecks wrote:
>
>> ------------------------------------------------------------------------
>> | FieldID 8bit | Length 16 bit | Data as specified in FieldId and described by length | FieldID | Length | Data|--- |
>> ------------------------------------------------------------------------
>
> This looks just like the common Type-Length-Value (TLV) format
> (http://en.wikipedia.org/wiki/Type-length-value) used in protocols
> such as Cisco Discovery Protocol (CDP) and many others. Unfortunately,
> Wireshark does not have built-in routines for easily handling TLV data
> right now. Try looking at how the CDP dissector handles it
> (epan/dissectors/packet-cdp.c). Maybe others can suggest a better
> example dissector.
>
>> To dissect this correctly, I could obviously try to define the
>> maximum number of PNRP Ids in the hf_register_info hf[] Array but
>> that doesn't seem like a very elegant solution.
>
>> I had a look at the vnc dissector but it didn't quite solve the
>> same problem.
>
> Yeah.. As the writer of a lot of the VNC dissector, I would say that
> it's probably not a good example as the total length of the nested
> messages in VNC usually isn't known at the beginning of the message,
> so it's kind of a hack to get it to work at all :).
>
> Steve

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
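
The FieldID/Length/Data layout discussed in this thread, walked with bounds checks on every field so that a bad Length cannot read past the buffer. This is an added example, not part of the original messages and not Wireshark code. It assumes the 16-bit Length is big-endian and counts only the Data bytes; `tlv_next` and `tlv_count` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded field; data points into the caller's buffer (no copy). */
struct tlv {
    uint8_t        id;
    uint16_t       len;
    const uint8_t *data;
};

/*
 * Read the TLV at *off and advance *off past it.
 * Returns 1 on success, 0 at a clean end of buffer, -1 if the header or the
 * declared length runs past the end (truncated or malformed message).
 * Assumptions: Length is big-endian and counts only the Data bytes.
 */
static int tlv_next(const uint8_t *buf, size_t buflen, size_t *off, struct tlv *out)
{
    size_t remaining;
    if (*off > buflen) return -1;
    remaining = buflen - *off;
    if (remaining == 0) return 0;
    if (remaining < 3) return -1;            /* header itself is truncated */
    out->id  = buf[*off];
    out->len = (uint16_t)((buf[*off + 1] << 8) | buf[*off + 2]);
    if (out->len > remaining - 3) return -1; /* length points past the buffer */
    out->data = buf + *off + 3;
    *off += 3u + out->len;
    return 1;
}

/* Count well-formed fields, however many there are; -1 if malformed. */
static int tlv_count(const uint8_t *buf, size_t buflen)
{
    struct tlv f;
    size_t off = 0;
    int n = 0, rc;
    while ((rc = tlv_next(buf, buflen, &off, &f)) == 1)
        n++;
    return rc == 0 ? n : -1;
}

int main(void)
{
    /* Constructed sample: field 0x01 (2 data bytes), field 0x02 (no data). */
    static const uint8_t msg[] = { 0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x00 };
    printf("fields: %d\n", tlv_count(msg, sizeof msg));
    return 0;
}
```

The loop runs until the buffer is consumed, so no maximum number of fields has to be fixed in advance.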
