I actually figured out a solution to my problem. I was fortunate in wanting to dissect a field in an HTTP payload. I completely looked over the fact that HTTP has all of its fields neatly laid out with strings, so I'm just intercepting the http dissector, doing a couple strstr()'s on it, and giving it back to the http dissector if I'm not interested in it.
On Tue, Feb 23, 2010 at 15:47, Maynard, Chris <[email protected]> wrote:
> Which field of which dissector are you interested in? If you're lucky, it
> might already be available to your plugin in the packet_info struct.
>
> - Chris
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jeremy O'Brien
> Sent: Tuesday, February 23, 2010 2:50 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Dissecting a portion of a protocol owned
> by another dissector
>
> Hmm... I was trying to avoid touching any existing dissectors to allow
> my plugin to be as modular as possible. There's no other (easy) way?
>
> On Tue, Feb 23, 2010 at 14:11, Anders Broman <[email protected]> wrote:
>> Hi,
>> Not easily, but if you are doing something reasonably like dissecting
>> vendor-specific fields, a patch to the existing dissector providing a "hook"
>> for a plugin would be acceptable, like registering a dissector table a
>> custom plugin could register in.
>>
>> Regards
>> Anders
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Jeremy O'Brien
>> Sent: February 23, 2010 19:02
>> To: Developer support list for Wireshark
>> Subject: [Wireshark-dev] Dissecting a portion of a protocol owned by
>> another dissector
>>
>> Hello,
>>
>> I am trying to write a Wireshark plugin that dissects only a certain
>> field of another dissector. I read about writing tap dissectors, but
>> these seem to still receive entire packets rather than just the
>> portion I'm interested in. I am trying to avoid copying large chunks
>> of the main dissector just to get down to the area my dissector is
>> interested in. Does Wireshark provide a way to do this?
>>
>> Thank you,
>> Jeremy
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <[email protected]>
>> Archives: http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:[email protected]?subject=unsubscribe
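
A length-bounded form of the strstr()-style header lookup described in the first message, as an added example (not code from this thread or from Wireshark): a captured payload is a buffer with a length, not a NUL-terminated string, so every search here is limited to that length and stops at the blank line that ends the headers. The function names, the `X-Vendor-Id` header and the sample payload are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payload; callers pass sizeof sample - 1 as the length. */
static const char sample[] =
    "GET /x HTTP/1.1\r\nHost: example.test\r\n"
    "X-Vendor-Id:  abc123 \r\n\r\nX-In-Body: 1\r\n";

/* Case-insensitive compare of n bytes; header names are case-insensitive. */
static int ci_equal(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns a pointer to the value of header `name` inside buf[0..len) and
 * stores its length in *vlen, or NULL if absent or the line is truncated. */
const unsigned char *http_header_value(const unsigned char *buf, size_t len,
                                       const char *name, size_t *vlen)
{
    size_t nlen = strlen(name);
    const unsigned char *p = buf, *end = buf + len;

    while (p < end) {
        const unsigned char *eol = memchr(p, '\n', (size_t)(end - p));
        if (eol == NULL)
            return NULL;                 /* incomplete line: never read on */
        size_t linelen = (size_t)(eol - p);
        if (linelen > 0 && p[linelen - 1] == '\r')
            linelen--;
        if (linelen == 0)
            return NULL;                 /* blank line: headers are over */
        if (linelen > nlen && p[nlen] == ':' && ci_equal(p, name, nlen)) {
            const unsigned char *v = p + nlen + 1, *vend = p + linelen;
            while (v < vend && (*v == ' ' || *v == '\t')) v++;
            while (vend > v && (vend[-1] == ' ' || vend[-1] == '\t')) vend--;
            *vlen = (size_t)(vend - v);
            return v;                    /* value is NOT NUL-terminated */
        }
        p = eol + 1;
    }
    return NULL;
}

int main(void)
{
    size_t n = 0;
    const unsigned char *v = http_header_value((const unsigned char *)sample,
                                               sizeof sample - 1, "x-vendor-id", &n);
    if (v != NULL) printf("%.*s\n", (int)n, (const char *)v);
    return v == NULL;
}
```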
