Hi,
I'm looking to write a dissector for a protocol we're using. It uses the
MODBUS protocol - specifically the 'read-and-write multiple registers'
message type (0x17) - to implement an RPC-ish method.
(The write address represents the function, the written data represents
its parameters, and the
S-based
protocol
On Mon, Jun 23, 2008 at 06:12:59PM +1000, Barnes, Pat wrote:
> The current modbus dissector is not suitable - it does not show the
> data anywhere but in the raw output. I need to provide for example,
> the name of the function in the packet summary, and the value
oblems, but crashes Wireshark! (btw, where would a
relevant log file be found?)
If I change "mbtcp" to just "tcp", there are no errors. (but I want to
have the dissector sit under mbtcp so that I can access the mbtcp
fields)
What is happening?
-Original Message-
From: [EM
The dissector I'm working on overrides the mbtcp dissector, to display a
particular subset of the protocol in application-specific detail.
My question is - what's the best way to reject those packets the
dissector is not interested in? I thought that if the dissect_myprot
function returned 0, the
50 PM, Barnes, Pat wrote:
> The dissector I'm working on overrides the mbtcp dissector, to display
> a particular subset of the protocol in application-specific detail.
"Subset" in what sense?
Does your dissector dissect some packets differently from the way the
mbtcp disse
y, 14 July 2008 12:58 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissector - how to reject packets
On Jul 13, 2008, at 5:30 PM, Barnes, Pat wrote:
> The application whose traffic I'm interested in uses only Modbus messages
> 0x03 and 0x17, with register addre
If you use a local static variable in the dissect_yourprot() function,
it will store the number across packets.
eg:
//don't expect this to compile, it's just a mock-up
static int dissect_yourprot(pinfo, tvb, tree) {
    static guint32 last_sequence_number = 0;
    guint32 sequence_number;
I don't have any traffic to test my dissector against, because the
components in the system that will be generating that traffic aren't
ready yet.
Until then, I've used text2pcap to construct some capture files from
scratch. There is a bit of a problem though: The -T (add TCP headers)
option resu
er ideas.
HTH
Abhik.
On Tue, Jul 22, 2008 at 8:50 AM, Barnes, Pat
<[EMAIL PROTECTED]> wrote:
>
> I don't have any traffic to test my dissector against, because the
> components in the system that will be generating that traffic aren't
> ready yet.
>
> Until the
Regarding:
http://www.wireshark.org/lists/wireshark-dev/200802/msg00095.html
I've found that not all the fields in my dissector are displaying inside
custom columns. Specifically, if the field is added with something other
than 'proto_tree_add_item' (i.e. 'proto_tree_add_uint') the column
doesn't