I did so by using this function:
void proto_register_myprotocol(void)
{
...
register_dissector("MY_PROTOCOL", dissect_myprotocol, proto_my_protocol);
}
Armando Vázquez Ramírez
On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss <[email protected]>wrote:
> For this to work your dissector needs to be registered by name. To get
> that it needs to call register_dissector().
>
> Armando Vázquez wrote:
>
>> Thanks ashis!
>>
>> When I tried this my protocol does not show up as a valid protocol, why
>> is that? I tried using my dissector for the header protocol, but it should
>> also disscet 2 trailer bytes, does that represent a problem ? What should I
>> put in the header size field?
>>
>> Besides, I've read that using the GUI and editing the DLT_User is the
>> same as using the function dissector_add_uint(), am I right? If so, why
>> isn't working? should I change something else in pcap-common.c or wtap.c or
>> wtap.h?
>>
>>
>> Armando Vázquez Ramírez
>>
>>
>> On Sat, Mar 3, 2012 at 6:27 AM, ashish goel
>> <[email protected]<mailto:
>> ashish.kumar.goel1@**gmail.com <[email protected]>>> wrote:
>>
>> Hi Armando,
>>
>> The is a way you can do it through wireshark GUI. Go to preferences
>> -> protocols -> DLT_User. Here click on edit and add your protocol
>> on any of the User DLTs(147 - 162). But make sure that that the pcap
>> file you are using must have defined the same DLT value in its
>> global header.
>>
>> Hope this helps.
>>
>> Thanks,
>> Ashish
>> 2012/3/2 Armando Vázquez <[email protected] <mailto:[email protected]>>
>>
>>
>> Hi guys,
>>
>> I've read the developers guide, README.developer, wiretap plugin
>> wiki and found no answer. Here is my problem. I'm trying to use
>> Wireshark for dissecting a pcap capture of a protocol that it's
>> not currently defined in wireshark. So I started writing a
>> plugin, but I haven't been able to declare or register this
>> dissector so it is enabled as a link layer dissector. I need to
>> achieve this because this is not a internet protocol, so I need
>> to identify it in this layer.
>>
>> I've already read this dev-topic
>> (http://www.mail-archive.com/**[email protected]/**
>> msg05931.html<http://www.mail-archive.com/[email protected]/msg05931.html>
>> )
>> but I didn't understand it well.
>>
>> The dissection part works fine, I've tested it using a pcap and
>> nesting it on top of TCP. I would really appreciate your help.
>> Also I've added in wtap.h
>>
>> #define WTAP_ENCAP_MYPROTOCOL 147
>>
>> and in wtap.c
>>
>> static struct encap_type_info encap_table_base[] = {
>> ...
>> { "RESERVED 138", "res0" },
>> { "RESERVED 139", "res1" },
>> { "RESERVED 140", "res2" },
>> { "RESERVED 141", "res3" },
>> { "RESERVED 142", "res4" },
>> { "RESERVED 143", "res5" },
>> { "RESERVED 144", "res6" },
>> { "RESERVED 145", "res7" },
>> { "RESERVED 146", "res8" },
>>
>> /* WTAP_ENCAP_MYPROTOCOL*/
>> { "MY PROTOCOL, "myprotocol" }
>> };
>>
>> Here are the register and handoff sections of my code
>>
>> ------------------------------**------------------------------**
>> ----------------------
>> void proto_register_myprotocol (void)
>> {
>> ...
>>
>> myprotocol_dissector_table =
>> register_dissector_table("**myprotocol.proto","ACN protocol
>> number", FT_UINT8, BASE_HEX);
>> proto_register_field_array (proto_myprotocol, hf, array_length
>> (hf));
>> proto_register_subtree_array (ett, array_length (ett));
>> register_dissector("**myprotocol", dissect_myprotocol,
>> proto_myprotocol);
>> }
>>
>> void proto_reg_handoff_myprotocol(**void)
>> {
>>
>> data_handle = find_dissector("data");
>> myprotocol_handle = create_dissector_handle(**dissect_myprotocol,
>> proto_myprotocol);
>> dissector_add_uint("wtap_**encap", WTAP_ENCAP_MYPROTOCOL,
>> myprotocol_handle);
>> dissector_add_uint("tcp.port",
>> global_myprotocol_port, myprotocol_handle); // Registering this
>> on top of TCP was only to develop the dissection part, this
>> won't be present in the release version
>>
>>
>> }
>>
> ______________________________**______________________________**
> _______________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives:
> http://www.wireshark.org/**lists/wireshark-dev<http://www.wireshark.org/lists/wireshark-dev>
> Unsubscribe:
> https://wireshark.org/mailman/**options/wireshark-dev<https://wireshark.org/mailman/options/wireshark-dev>
>
> mailto:wireshark-dev-request@**wireshark.org<[email protected]>
> ?subject=**unsubscribe
>
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
