Hey Tomasz, thanks for the answer. But my main question is how to write the
bytes into the pipe so that Wireshark recognizes them as IEEE 802.15.4
packets, kinda like a structure that Wireshark is waiting for. I cannot
just write the packet into the pipe, Wireshark gives me an error :S

Thanks again

Cumprimentos,
Rui Pedro Caldeira


On Wed, Jul 31, 2013 at 6:35 AM, Tomasz Moń <deso...@gmail.com> wrote:

> On Tue, Jul 30, 2013 at 3:49 PM, Rui Pedro Caldeira
> <rpcalde...@outlook.com> wrote:
> > Hello, I'm using Wireshark to read from a pipe and I'm using the native
> > IEEE 802.15.4 dissector, but I'm having trouble feeding Wireshark the
> > proper bytes. I've tried to search but I can't find the right sequence
> > of bytes the dissector is waiting for.
> >
> > Can anyone help me? Thanks in advance.
>
> Not sure if that's exactly what you are asking for, but:
>
> The 802.15.4 dissector does the following in proto_reg_handoff_ieee802154:
>
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4, ieee802154_handle);
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NONASK_PHY, ieee802154_nonask_phy_handle);
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NOFCS, ieee802154_nofcs_handle);
>     dissector_add_uint("sll.ltype", LINUX_SLL_P_IEEE802154, ieee802154_handle);
>
> If you look into wiretap/pcap-common.c you will find that the following
> linktypes are assigned for the WTAP_ENCAP_ defines:
>
>     /* IEEE 802.15.4 Wireless PAN */
>     { 195, WTAP_ENCAP_IEEE802_15_4 },
>     ...
>     /* IEEE 802.15.4 Wireless PAN non-ASK PHY */
>     { 215, WTAP_ENCAP_IEEE802_15_4_NONASK_PHY },
>     ...
>     /* IEEE 802.15.4 Wireless PAN no fcs */
>     { 230, WTAP_ENCAP_IEEE802_15_4_NOFCS },
>
> Now, get over to the tcpdump linktypes [1] and check the descriptions
> for 195, 215, 230. Choose the one that is the closest match to your data
> and then set that number as the linktype in the pcap header.
>
> [1] http://www.tcpdump.org/linktypes.html
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>
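
The framing the question asks about, as an added example that is not part of either message: the pipe has to carry a pcap stream, meaning one 24-byte file header whose last field is the linktype Tomasz mentions, then a 16-byte record header before every raw 802.15.4 frame. The header layout is the classic libpcap file format, which the thread does not spell out; the function names and the sample frame are constructed for illustration.

```python
import io
import struct
import time

# Link-layer header types quoted in the reply above (wiretap/pcap-common.c).
LINKTYPE_IEEE802_15_4 = 195             # frame ends with the 2-byte FCS
LINKTYPE_IEEE802_15_4_NONASK_PHY = 215
LINKTYPE_IEEE802_15_4_NOFCS = 230       # frame carries no FCS

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
MAX_FRAME = 127          # largest 802.15.4 PHY payload in bytes


def pcap_global_header(linktype, snaplen=MAX_FRAME):
    """24-byte file header; must be the first thing written to the pipe."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, network (linktype)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame, ts=None):
    """16-byte per-packet header followed by the raw 802.15.4 frame."""
    if not 0 < len(frame) <= MAX_FRAME:
        raise ValueError("802.15.4 frame must be 1..127 bytes")
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    # ts_sec, ts_usec, incl_len (bytes stored), orig_len (bytes on air)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def write_capture(out, frames, linktype):
    """Write the file header once, then one record per frame."""
    out.write(pcap_global_header(linktype))
    out.flush()
    for frame in frames:
        out.write(pcap_record(frame))
        out.flush()  # a live reader only sees bytes that have been flushed


if __name__ == "__main__":
    # Constructed sample: an ACK frame without FCS (FCF 0x0002, sequence 0x2A).
    sample = [bytes([0x02, 0x00, 0x2A])]
    buf = io.BytesIO()  # stand-in for the pipe; open the FIFO with "wb" instead
    write_capture(buf, sample, LINKTYPE_IEEE802_15_4_NOFCS)
    print(buf.getvalue().hex())
```

Writing a bare frame with no file header or record header is what makes the reader reject the stream, since the first four bytes it checks are the pcap magic number.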