Is it possible to Call my custom Dissector based on 4 different IP addresses?
asked 14 Jan '13, 11:41 jballard1979
2 Answers:
Does your protocol run directly atop IP (in which case it should have an IP protocol number assigned to it), or does it run atop a protocol that runs atop IP, such as TCP or UDP? If it runs atop TCP or UDP, you would register your dissector as a heuristic dissector in the "tcp" or "udp" heuristic dissector table, and it would check to see whether:
and if both are the case, it would look at the first and last bytes and, if the first byte is 0x01 and the last byte is 0x0d, dissect the packet and return TRUE, otherwise return FALSE. (Note that this is harder if it runs over TCP, as a packet could be split between two TCP segments, in which case your dissector wouldn't see the first and last bytes.)
answered 16 Jan '13, 20:28 Guy Harris ♦♦ edited 16 Jan '13, 20:28
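The byte check described in this answer, written as an added stand-alone C example (not part of the original answer and not Wireshark code). The function names, the four addresses and the sample message are constructed, and matching on source or destination address is an assumption taken from the question; the last two cases in `main` show the TCP split the answer warns about.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample addresses (documentation range), host byte order. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

static const uint32_t known_hosts[4] = {
    IP4(192, 0, 2, 10), IP4(192, 0, 2, 11), IP4(192, 0, 2, 12), IP4(192, 0, 2, 13)
};

static bool is_known_host(uint32_t addr)
{
    for (size_t i = 0; i < sizeof known_hosts / sizeof known_hosts[0]; i++)
        if (known_hosts[i] == addr)
            return true;
    return false;
}

/* Hypothetical heuristic: accept only if one endpoint is a known host and
 * the payload starts with 0x01 and ends with 0x0d. Returning false leaves
 * the packet for the next heuristic dissector. */
static bool custom_proto_heuristic(uint32_t src, uint32_t dst,
                                   const uint8_t *payload, size_t len)
{
    if (!is_known_host(src) && !is_known_host(dst))
        return false;
    if (payload == NULL || len < 2)   /* need a distinct first and last byte */
        return false;
    return payload[0] == 0x01 && payload[len - 1] == 0x0d;
}

/* Constructed message: 0x01, body, 0x0d */
static const uint8_t sample_msg[] = { 0x01, 'P', 'I', 'N', 'G', 0x0d };

int main(void)
{
    uint32_t host = IP4(192, 0, 2, 10), other = IP4(198, 51, 100, 7);
    printf("whole message:  %d\n", custom_proto_heuristic(host, other, sample_msg, 6));
    printf("unknown hosts:  %d\n", custom_proto_heuristic(other, other, sample_msg, 6));
    /* Same message split across two TCP segments: neither half matches. */
    printf("first segment:  %d\n", custom_proto_heuristic(host, other, sample_msg, 3));
    printf("second segment: %d\n", custom_proto_heuristic(host, other, sample_msg + 3, 3));
    return 0;
}
```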
Not without some hack to the IP dissector; it sounds weird that a protocol should be tied to an IP address. You could set up a dissector table in packet-ip.c based on IP(GUINT32) and have your dissector register to it. Are you sure there is no better way to find your dissector based on port or information in the packet from the previous protocol in the stack? If your protocol sits directly on top of IP you should use the protocol byte for your protocol, e.g. set it to the unique value of your protocol.
answered 14 Jan '13, 22:47 Anders ♦

That's a great idea. The data per my custom protocol always begins with a byte value of 01 and ends with 0d. Are there any examples that would show the aforementioned technique?
(15 Jan '13, 03:36) jballard1979

I hard coded all the ports in my handoff registration. I was making it way too difficult. Thanks a ton for your response. :)