Unfortunately, I don't think Wireshark can quite do what you want.
 
I am assuming that you have the protocol stack:
Ethernet ->  maps to next layer by "Ethertype" field 
IP -> maps to next layer by "Protocol" field
UDP -> maps to next layer by "Port" field
<your protocol>
 
As Sebastien said, the UDP dissector can only direct to the next layer
by port, not by the IP address. You can achieve some of the effect you
want by running Wireshark with a filter based on IP address, then have
your new dissector registered for the correct UDP port.
 
If I've misunderstood the code I'd be grateful to be corrected - I've
been looking at this because we have a similar set of requirements. It
looks to me as if I would have to make some non-trivial changes to the
IP, UDP and TCP dissectors to be able to choose dissectors based on more
complex filters (not to mention having to make extensions to the UI). I
might have the time to do this, but would have to tread carefully to
avoid breaking this (rather central) functionality, and anything I do
won't be available for a couple of months.
 
Cheers
 
Doug
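
As an added illustration of the approach described above (not code from anyone in this thread), here is a Wireshark Lua dissector that registers on a UDP port and declines any datagram not addressed to one multicast group. The protocol name, group address, port and three-byte header layout are all hypothetical.

```lua
-- Added example. GROUP, PORT, "myproto" and the field layout are assumptions.
local GROUP = "239.1.2.3"  -- hypothetical multicast destination address
local PORT  = 5000         -- hypothetical UDP port

local myproto   = Proto("myproto", "Example Multicast Protocol")
local f_type    = ProtoField.uint8("myproto.type", "Message type", base.DEC)
local f_len     = ProtoField.uint16("myproto.length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields  = { f_type, f_len, f_payload }

function myproto.dissector(tvb, pinfo, tree)
  -- The UDP table dispatches on port only, so the address check happens here.
  -- Returning 0 tells Wireshark this dissector did not accept the packet.
  if tostring(pinfo.dst) ~= GROUP then return 0 end
  if tvb:len() < 3 then return 0 end  -- too short for the assumed header

  pinfo.cols.protocol = "MYPROTO"
  local sub = tree:add(myproto, tvb())
  sub:add(f_type, tvb(0, 1))
  sub:add(f_len, tvb(1, 2))

  -- Never trust the declared length: clamp it to the bytes actually present.
  local declared = tvb(1, 2):uint()
  local avail = tvb:len() - 3
  if declared > avail then
    sub:add_expert_info(PI_MALFORMED, PI_WARN,
                        "Declared length exceeds datagram size")
    declared = avail
  end
  if declared > 0 then
    sub:add(f_payload, tvb(3, declared))
  end
  return 3 + declared
end

-- Port-based registration, the only selector the UDP dissector offers.
DissectorTable.get("udp.port"):add(PORT, myproto)
```

The script can be loaded with `wireshark -X lua_script:myproto.lua`; a display filter such as `ip.dst == 239.1.2.3 && udp.port == 5000` narrows the packet list to the same traffic.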

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi
Sent: 13 December 2006 15:53
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Protocol development


Hi, our requirement is as follows:
The packets are sent from the application to a particular multicast IP
address.
Now we want Ethereal to capture these packets from the network.
So, as I have observed, for the implementation of a protocol a dissector
has to be registered with a port. But I really don't know how they are
getting the packets captured at the IP layer. I mean, I don't know how
Ethereal recognizes the IP address on which it has to capture the IP
packets. Please, can anyone tell me how this can be done? Because we are
supposed to implement our protocol for a particular multicast address
and a particular UDP port.
Regards
Prashanth

[EMAIL PROTECTED] wrote:

        Hi,
        
        You can't, as you said, "register a protocol for an IP address"
        ... but you can register a plugin which will dissect your protocol.
        If you only want the dissection for a particular IP address,
        Wireshark allows you to create a filter (capture or display).
        
        For a plugin implementation in Wireshark see the documentation:
        http://www.wireshark.org/docs/wsdg_html_chunked/
        
        Regards,
        Sebastien Tandel
        
        Quoting prashanth joshi:
        
        > Hi all,
        > We are required to develop a protocol on Ethereal. The packets
        > are sent to a particular IP address and Ethereal is supposed to
        > capture packets from that IP address. Please, can anyone tell me
        > how to register our protocol for that IP address?
        > Regards,
        > Prashanth.
        
        
        _______________________________________________
        Wireshark-dev mailing list
        Wireshark-dev@wireshark.org
        http://www.wireshark.org/mailman/listinfo/wireshark-dev
        

