Hi, I am working on a file reader that can read dump files containing ETSI (BER-encoded) data and... struggling, especially when trying to dissect the data. I already implemented a dissector, a simple BER-based reader and a packet-encap file, but the dissection mechanism, and how to call the dissector, is still a bit of a mystery to me. Any documentation / examples / tips are welcome.

asked 12 Jul '12, 07:50 Michel
One Answer:
So what you'd probably need to do here is:
answered 13 Jul '12, 18:07 Guy Harris ♦♦
So what do you mean by "a simple BER-based reader" and "a packet-encap file"? Presumably you have a file that plugs into the Wiretap library to read the file (although if it's just BER-encoded data and the top-level encoding is a SET or a SEQUENCE or a CONTEXT less than 32, there's already code in Wireshark to read it - wiretap/ber.c), and a dissector for the BER-encoded data; is the issue one of connecting the two, so that the contents of the file are dissected by your dissector?

I am trying to create a reader to read a dump file containing BER-encoded TLV packets (ETSI protocol). The ber.c reader can read some packets from my dump file, but is not capable of reading the entire dump itself, and has some packet size restrictions. So, I have to create a reader of my own.
Furthermore, I use the mime_file, packet-mime-encap.c and packet-image-jfif.c as an example to find out how the dissector call mechanism works.
Thus I am under the assumption that I need a packet-etsi-encap.c file to do the trick, but I am not sure if I am on the right track.
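The record-splitting step a reader for such a dump needs, as an added example that is not part of the thread and is not Wireshark or Wiretap code: a bounds-checked walk over back-to-back BER TLVs. It assumes the dump is a plain concatenation of definite-length TLVs; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample dump: three TLVs stored back to back. */
const uint8_t sample_dump[] = {
    0x30, 0x03, 0x02, 0x01, 0x05,   /* SEQUENCE { INTEGER 5 }, short length */
    0x04, 0x81, 0x02, 0xaa, 0xbb,   /* OCTET STRING, long-form length */
    0xbf, 0x21, 0x01, 0x00          /* context tag 33, multi-byte tag number */
};

/* Total size (header + contents) of the TLV at buf, or 0 if the header is
 * truncated, the length is indefinite, or the contents overrun the data. */
size_t ber_tlv_size(const uint8_t *buf, size_t len)
{
    size_t pos = 0, clen = 0;

    if (len < 2)
        return 0;
    if ((buf[pos++] & 0x1f) == 0x1f) {   /* tag number 31 or above follows */
        do {
            if (pos >= len)
                return 0;
        } while (buf[pos++] & 0x80);     /* bit 8 set: more tag octets */
    }
    if (pos >= len)
        return 0;
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        clen = first;                    /* short form */
    } else {
        size_t n = first & 0x7f;         /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || n > len - pos)
            return 0;                    /* indefinite, too wide, truncated */
        while (n--)
            clen = (clen << 8) | buf[pos++];
    }
    return clen > len - pos ? 0 : pos + clen;
}

/* Number of records in a dump image, or -1 on the first malformed record. */
long ber_count_records(const uint8_t *buf, size_t len)
{
    long count = 0;
    for (size_t off = 0; off < len; count++) {
        size_t sz = ber_tlv_size(buf + off, len - off);
        if (sz == 0)
            return -1;
        off += sz;
    }
    return count;
}
```

Each size returned here is the number of bytes a file reader would hand on as one packet; checking every length against the remaining data keeps a corrupt or hostile dump from driving reads past the end of the buffer.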