I am using eth heuristic dissector and my protocol relevant data will be part of ethernet payload and located at the end of ethernet payload. Now in dissect_myproto , the tvb pointer will directly/autonomously point to my protocol relevant data when my dissector gets called or i will have to manipulate it to point to my protocol relevant data and if yes then how ? .. earlier my protocol relevant data was coming first thing in ethernet payload and i was dissecting it followed by call to call_dissector for ip for eg. :- call_dissector(ip_handle,.... (inside diseector function) .. where ip_handle is ip_handle = find_dissector("ip");(inside reg_handoff) But now my protocol relevant data is at end of eth payload so if i call call_dissector first for "eth" and then do my dissection , will it work ? asked 05 Jun '12, 19:59  yogeshg |
One Answer:
The Ethernet dissector has an eth.trailer subdissector list which you can use. Have a look at the Ethernet dissector how this is called. answered 06 Jun '12, 01:14  Jaap ♦ |
Is it possible anyhow that i can dissect http payload while having heuristic dissector of eth , normally i guess if we have eth heuristic dissector then tvb will point to eth payload but i want http payload which will effectively form last part of eth payload.