Hi, all

I am a newbie on dissector development. I have a question about the "dissector_add( )" function. I went through a few examples; most of them are using "tcp.port" or "udp.port" or something like that.

My dissector does not use any port number to instruct Wireshark to pass packets to my dissector; instead I want it to be called only when eth.dst is of a certain pattern, and I don't want to use a heuristic dissector because that's getting complicated. So I was wondering if we have any way to get my dissector called for all packets?

asked 14 Jun '12, 17:50 yogeshg
One Answer:
If you want to know how dissection chaining works in this case, have a look at epan/dissectors/packet-udp.c and epan/dissectors/packet-tcp.c. They each have a call to register_dissector_table(), one with "udp.port", the other with "tcp.port". Now look at epan/dissectors/packet-eth.c: it doesn't have one, so that won't work. What it does have is register_heur_dissector_list("eth",...), which is used when the frame comes in. That would be perfect for you. Check if the destination address is yours/dissect/return true, otherwise simply return false.

answered 15 Jun '12, 15:32 Jaap ♦
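The check the answer describes, sketched as an added example (not code from the thread or from Wireshark): a stand-alone C model of a heuristic callback that claims a frame only when the destination MAC matches a value/mask pattern, and declines truncated frames instead of reading past the captured bytes. It assumes the callback sees the frame from the start of the Ethernet header, so the destination address is bytes 0 to 5; the pattern, the sample frames and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_ADDR_LEN 6

/* Hypothetical pattern: destination must start with 02:AA:BB (constructed). */
static const uint8_t dst_value[ETH_ADDR_LEN] = {0x02, 0xAA, 0xBB, 0x00, 0x00, 0x00};
static const uint8_t dst_mask[ETH_ADDR_LEN]  = {0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00};

/* Constructed sample frames: dst MAC, src MAC, EtherType, payload. */
static const uint8_t frame_mine[]  = {0x02,0xAA,0xBB,0x10,0x20,0x30,
                                      0x00,0x11,0x22,0x33,0x44,0x55, 0x88,0xB5, 0x01};
static const uint8_t frame_other[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
                                      0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x06, 0x00};
static const uint8_t frame_short[] = {0x02,0xAA,0xBB};   /* truncated capture */

/* True when the first six captured bytes match value under mask. */
bool eth_dst_matches(const uint8_t *frame, size_t captured_len)
{
    if (frame == NULL || captured_len < ETH_ADDR_LEN)
        return false;                 /* never read beyond what was captured */
    for (size_t i = 0; i < ETH_ADDR_LEN; i++) {
        if ((frame[i] & dst_mask[i]) != (dst_value[i] & dst_mask[i]))
            return false;
    }
    return true;
}

/* Model of the heuristic contract: return true = "mine, dissected",
 * return false = "not mine, let the normal Ethernet dissection continue". */
bool my_proto_heur(const uint8_t *frame, size_t captured_len, unsigned *claimed)
{
    if (!eth_dst_matches(frame, captured_len))
        return false;                 /* cheap rejection for every other frame */
    /* A real dissector would build its protocol tree here. */
    (*claimed)++;
    return true;
}

int main(void)
{
    unsigned claimed = 0;
    printf("mine:  %d\n", my_proto_heur(frame_mine,  sizeof frame_mine,  &claimed));
    printf("other: %d\n", my_proto_heur(frame_other, sizeof frame_other, &claimed));
    printf("short: %d\n", my_proto_heur(frame_short, sizeof frame_short, &claimed));
    printf("frames claimed: %u\n", claimed);
    return 0;
}
```

Because the heuristic runs for every Ethernet frame, the length check and early return are what keep it both safe on truncated captures and cheap for traffic that is not yours.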