Hi,
The packet capture is handled by libpcap or winpcap (or some other tool/program) 
depending on the platform used.
In the case of Ethernet the capture is made by putting the Ethernet card in 
promiscuous mode,
which means that all packets on the network segment the card is on will be 
captured.
 
Dissection is based on the protocol layer: an Ethernet packet will be handed to 
the Ethernet dissector,
which in the case of IP will hand it to the IP dissector, which will hand it to 
the UDP dissector in the case of UDP.
On UDP it gets trickier to discover what protocol is used on top of UDP; 
basically three methods exist:
- Dissector registered on a particular port.
- Heuristics (look at the packet data and guess).
- Conversation - A previous packet (control packet) was dissected which had 
information about which ports and addresses were going to be used for a certain 
protocol.
 
It's done in a similar manner for other protocols.
 
BR
Anders
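
The three lookup methods listed above, as an added toy model in Python; it is not part of the original message and is not Wireshark's code. The function names, the lookup order, the port 40000, the `MYP1` magic bytes and the 239.1.2.3:5004 endpoint are all constructed assumptions.

```python
# Added illustration, not Wireshark source. All names and values are constructed.
port_table = {}      # UDP port -> dissector name
heuristics = []      # (dissector name, check(payload) -> bool)
conversations = {}   # (address, port) announced by a control packet -> dissector name

def register_port(port, name):
    port_table[port] = name

def register_heuristic(name, check):
    heuristics.append((name, check))

def learn_conversation(addr, port, name):
    """Record an endpoint that a previously dissected control packet announced."""
    conversations[(addr, port)] = name

def pick_dissector(src, sport, dst, dport, payload):
    """Return (dissector name, method). The lookup order here is an assumption."""
    for endpoint in ((dst, dport), (src, sport)):      # conversation
        if endpoint in conversations:
            return conversations[endpoint], "conversation"
    for port in (dport, sport):                        # registered port
        if port in port_table:
            return port_table[port], "port"
    for name, check in heuristics:                     # guess from the data
        if check(payload):
            return name, "heuristic"
    return "data", "none"                              # left undissected

# Constructed registrations for the demonstration.
register_port(40000, "myproto")
register_heuristic("magic", lambda p: p[:4] == b"MYP1")
learn_conversation("239.1.2.3", 5004, "media")

if __name__ == "__main__":
    samples = [
        ("10.0.0.5", 51000, "239.1.2.3", 40000, b"\x00\x01"),
        ("10.0.0.5", 51000, "239.1.2.3", 5004, b"\x80\x60"),
        ("10.0.0.5", 51000, "10.0.0.9", 52000, b"MYP1abc"),
        ("10.0.0.5", 51000, "10.0.0.9", 52000, b"zzzz"),
    ]
    for s in samples:
        print(s[2], s[3], "->", pick_dissector(*s))
```

A port or heuristic match only labels the traffic; the heuristic check in particular is a guess from the first bytes and can match unrelated data.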

________________________________

From: [EMAIL PROTECTED] on behalf of prashanth joshi
Sent: Wed 12/13/2006 4:53 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Protocol development


Hi, our requirement is as follows:
The packets are sent from the application to a particular multicast ip address.
Now we want ethereal to capture these packets from the network.
So as I have observed, for the implementation of a protocol, a dissector has to be 
registered with a port. But I really don't know how they are getting the packets 
capturing at the ip layer. I mean I don't know how ethereal recognizes the ip 
address on which it has to capture the ip packets. Please, anyone, tell me how 
this can be done. Because we are supposed to implement our protocol for a 
particular multicast address and a particular udp port.
Regards
Prashanth

[EMAIL PROTECTED] wrote:

        Hi,
        
        You can't as you said "register a protocol for an IP address" ... but you can
        register a plugin which will dissect your protocol.
        If you only want the dissection for a particular IP address, wireshark allows
        you to create a filter (capture or display).
        
        For a plugin implementation in wireshark see the documentation
        http://www.wireshark.org/docs/wsdg_html_chunked/
        
        Regards,
        Sebastien Tandel
        
        Quoting prashanth joshi:
        
        > Hi all,
        > We are required to develop a protocol on ethereal. The packets are sent to
        > a particular ip address and the ethereal is supposed to capture packets from
        > that ip address. Please, anyone, tell me how to register our protocol for that
        > ip address.
        > Regards,
        > Prashanth.
        
        
        _______________________________________________
        Wireshark-dev mailing list
        Wireshark-dev@wireshark.org
        http://www.wireshark.org/mailman/listinfo/wireshark-dev
        

