With this method you have to dissect the whole frame, including the MAC 
addresses, ethertype, VLAN tag, etc.

Maybe someone knows another method to keep the original Ethernet header info?

 

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of yenan
Sent: Friday, 22 February 2008 01:06
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [HELP]How to dissect a packet without a protocol? 
It can only be digged out by i

 

         

        Thank you very very much, Holger!!
         
         
        Using heur_dissector, it seems I have to dissect the whole frame including the 
MAC address, even though the header is in perfect Ethernet II frame format?
         
        Regards
        Nan
         

        
________________________________


        Date: Thu, 21 Feb 2008 09:15:26 +0100
        From: [EMAIL PROTECTED]
        To: wireshark-dev@wireshark.org
        Subject: Re: [Wireshark-dev] [HELP]How to dissect a packet without a 
protocol? It can only be digged out by its Dst Mac or Vlan I
        
        

        Hi Nan,

         

        you can easily register to a MAC address or any other byte in a frame 
by using a heuristic dissector.

         

        Register the dissector:

        heur_dissector_add("eth", dissect_foo_heur, proto_foo);

         

         

        Use this dissector function:

        static gboolean dissect_foo_heur(tvbuff_t *tvb, packet_info *pinfo,
                                         proto_tree *tree)
        {
          /* check if destination MAC equals 01:02:03:04:05:06 */
          if ( (tvb_get_guint8(tvb, 0) == 0x01) &&
               (tvb_get_guint8(tvb, 1) == 0x02) &&
               (tvb_get_guint8(tvb, 2) == 0x03) &&
               (tvb_get_guint8(tvb, 3) == 0x04) &&
               (tvb_get_guint8(tvb, 4) == 0x05) &&
               (tvb_get_guint8(tvb, 5) == 0x06) )
          {
            /* do dissecting */
          }
          else
          {
            /* MAC does not match */
            return FALSE;
          }

          /* frame was claimed by this dissector */
          return TRUE;
        }

         

         

        This works perfect for me.

         

        Holger

         

         

         

        
________________________________


        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of yenan
        Sent: Thursday, 21 February 2008 02:00
        To: wireshark-dev@wireshark.org
        Subject: [Wireshark-dev] [HELP]How to dissect a packet without a 
protocol? It can only be digged out by its Dst Mac or Vlan I

         

        Hi folks:
        I'm writing a plugin for a packet stored in the payload of a standard 
"802.1Q Virtual LAN" packet. This packet does not have a protocol itself; it can 
only be dug out by its Dst MAC address or VLAN ID. How could I dissect such a 
packet?
        I tried to use 
        register_dissector_table() in vlan.c to create a dissector table for 
"vlan.id", and in the plugin I used dissector_add() trying to call the 
dissector, but it won't work! So, should I also use dissector_try_port()? What 
should I pass to these functions?
        Is there any information I can read to learn about these functions?
         
        And a last question: if I try to dig out the packet by its dst MAC 
address, what should I do? I found out the addresses are of FT_ETHER type; how can 
I handle such types?
         
        I went through README.developer a couple of times and still know very little about 
Wireshark. Are there any more documents that explain the functions and structures 
in more detail?
         
         
        Really need help! Thanks a million! Any information will be greatly 
appreciated!
         
         
        Nan

        
________________________________



        Hilscher Gesellschaft für Systemautomation mbH
        Rheinstr. 15, 65795 Hattersheim
        Registered office: Hattersheim
        Managing director: Hans-Jürgen Hilscher
        Register court: Amtsgericht Frankfurt/Main
        Commercial register: Frankfurt B 26873
        www.hilscher.com <http://www.hilscher.com/> 

 


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
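
The header walk that a destination-MAC or VLAN-ID keyed heuristic has to perform before it claims a frame, with the length checks for truncated frames, as an added stand-alone example (not code from this thread or from Wireshark, and it does not use the Wireshark API). The function name `foo_payload_offset`, the sample frames, VLAN ID 100 and EtherType 0x88b5 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN    14      /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define VLAN_TAG_LEN   4       /* TPID (2) + TCI (2) */
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q TPID */

/* Constructed sample frames (not captured traffic). */
static const uint8_t FOO_MAC[6] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06};
static const uint8_t TAGGED[] = {            /* VLAN 100, other dst MAC */
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x81, 0x00, 0x20, 0x64,  0x88, 0xb5,  0xde, 0xad };
static const uint8_t UNTAGGED[] = {          /* dst MAC 01:02:03:04:05:06 */
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06,  0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x88, 0xb5,  0xbe, 0xef };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the payload offset if the frame matches want_mac or want_vid,
 * or -1 if it does not match or is too short to hold the fields read. */
long foo_payload_offset(const uint8_t *buf, size_t len,
                        const uint8_t want_mac[6], uint16_t want_vid)
{
    size_t off = ETH_HDR_LEN;
    int vid = -1;                              /* -1: frame carries no tag */

    if (len < ETH_HDR_LEN)
        return -1;                             /* truncated Ethernet header */
    if (be16(buf + 12) == ETHERTYPE_VLAN) {
        if (len < ETH_HDR_LEN + VLAN_TAG_LEN)
            return -1;                         /* truncated 802.1Q tag */
        vid = be16(buf + 14) & 0x0FFF;         /* low 12 bits of the TCI */
        off += VLAN_TAG_LEN;
    }
    if (memcmp(buf, want_mac, 6) != 0 && vid != (int)want_vid)
        return -1;                             /* neither key matches */
    return (long)off;
}

int main(void)
{
    return foo_payload_offset(TAGGED, sizeof TAGGED, FOO_MAC, 100) == 18 ? 0 : 1;
}
```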
