On Tue, Jan 25, 2011 at 07:57:15PM +0100, Steffen Dettmer wrote:
> Hi,
>
> I have a proprietary, stream-oriented transport protocol, typically
> used on serial links, which is difficult to "parse" by hand. The
> protocol has port numbers, flags and sequence numbers (similar to
> TCP). For TCP, Wireshark offers lovely ways to view, analyze and
> evaluate traffic. I would like to have the same for my serial
> protocol.
>
> Is Wireshark suited to view, analyze and evaluate such a proprietary
> protocol?

Yes. I've done exactly that.

> I took a look at the documentation and read about dissectors. As far
> as I understand, essentially they could be implemented in C, Python or
> Lua, is that right?

I did it in C.

> I'd guess a scripting language is more comfortable to use here, so I
> think I'd try to learn the basics of Python or Lua to write some frame
> decoder. Also, I think a small script file would be easier to pass
> around (w/o requiring to recompile/relink Wireshark). Is that true?

You can build dissectors in C as plugins and easily distribute them for
use in stock Wireshark installs.

> Since my protocol usually is not used on top of TCP (but plain serial
> lines), I think I'd start with text2pcap with serial hex dumps, but as
> far as I understood the resulting pcap file is expected to include
> Ethernet frames, so I'd get a difficulty here?

You can use a different encapsulation. I no longer remember exactly
what I did, I'm afraid, but PCAP has some user-defined or reserved or
something encapsulation type that you can set to pass dissection to
your dissector in the Wireshark preferences.

> Any comments appreciated,
> Steffen

--Greg
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
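The "user-defined encapsulation type" Greg is recalling is the DLT_USER0..DLT_USER15 range (link-layer types 147..162) that libpcap reserves for private protocols; Wireshark's DLT_USER protocol preference maps each of them to a named payload dissector, which is what sidesteps the Ethernet assumption Steffen ran into. The script below is an added example, not code from the thread or from the Wireshark project: it turns a hex dump of serial frames into a pcap file tagged with DLT_USER0 and shows the header fields a dissector for such a protocol would pull out. The frame layout (one-byte ports, a flags byte, a big-endian sequence number, then payload), the dump format and the timestamps are all constructed for the example; Steffen's real protocol is not described in the thread.

```python
"""Added example (not from the thread): write serial-protocol frames to a
pcap file with a user-defined link type so Wireshark hands them to a custom
dissector instead of the Ethernet dissector.  The frame layout below is a
constructed stand-in for the undisclosed protocol in the thread."""
import struct
from dataclasses import dataclass

# libpcap reserves link-layer types 147..162 (DLT_USER0..DLT_USER15) for
# private protocols.  Wireshark's DLT_USER preference table maps each of
# them to a payload dissector by name.
DLT_USER0 = 147

PCAP_MAGIC = 0xA1B2C3D4   # little-endian pcap, microsecond timestamps


def pcap_global_header(linktype: int = DLT_USER0, snaplen: int = 65535) -> bytes:
    """24-byte file header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame: bytes, ts_sec: int, ts_usec: int) -> bytes:
    """16-byte per-packet header (ts_sec, ts_usec, incl_len, orig_len) plus the frame."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def parse_hex_dump(text: str) -> list[bytes]:
    """One frame per non-empty line, hex bytes separated by spaces; '#' starts a comment.
    (Constructed dump format; a real serial capture must already be split into
    frames by the link-layer framing before it gets here.)"""
    frames = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if body:
            frames.append(bytes.fromhex(body.replace(" ", "")))
    return frames


def write_pcap(frames: list[bytes], linktype: int = DLT_USER0, t0: int = 1295981835) -> bytes:
    """Serialise frames into a pcap image; timestamps are constructed, one second apart."""
    out = bytearray(pcap_global_header(linktype))
    for i, frame in enumerate(frames):
        out += pcap_record(frame, t0 + i, 0)
    return bytes(out)


def read_linktype(pcap: bytes) -> int:
    """Sanity check: the link type lives at byte offset 20 of the global header."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    return struct.unpack_from("<I", pcap, 20)[0]


# Hypothetical frame layout chosen for this example:
#   src_port (1) | dst_port (1) | flags (1) | seq (2, big-endian) | payload
HEADER = struct.Struct(">BBBH")


@dataclass
class Frame:
    src_port: int
    dst_port: int
    flags: int
    seq: int
    payload: bytes


def decode_frame(frame: bytes) -> Frame:
    """The field extraction a dissector for this layout would perform.
    A truncated header is rejected instead of being silently mis-read."""
    if len(frame) < HEADER.size:
        raise ValueError(f"frame too short: {len(frame)} bytes, need {HEADER.size}")
    src, dst, flags, seq = HEADER.unpack_from(frame, 0)
    return Frame(src, dst, flags, seq, frame[HEADER.size:])


# Constructed sample dump: two frames of the hypothetical layout.
SAMPLE_DUMP = """
01 02 10 00 01 48 69   # port 1 -> 2, flags 0x10, seq 1, payload "Hi"
02 01 12 00 01 4f 4b   # port 2 -> 1, flags 0x12, seq 1, payload "OK"
"""

if __name__ == "__main__":
    frames = parse_hex_dump(SAMPLE_DUMP)
    with open("serial.pcap", "wb") as fh:
        fh.write(write_pcap(frames))
    for f in frames:
        print(decode_frame(f))
```

Open the resulting file in Wireshark, then under Edit > Preferences > Protocols > DLT_USER add an Encapsulations row for "User 0 (DLT=147)" whose payload protocol is the name your dissector registered; every frame is then dissected by it directly. text2pcap can produce the same tagging from its own hex-dump input with `-l 147`, which is the option that replaces the default Ethernet link type Steffen was worried about.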
