This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to dissect bytearray of tcp payload

0
1

I have a ByteArray of TCP payload (a Diameter message), obtained using the getByteArray API on a Diameter request message.

Now I want to dissect and print the Diameter data.

I have looked into the code of Wireshark, but could not find any way to do it.

Please suggest some way to do it.

Thanks

asked 25 Mar '14, 04:44

Sanny_D

What's wrong with the built-in dissector? You can add your own .xml files to dissect vendor AVPs.

(25 Mar '14, 05:50) Anders ♦

My question did not sound clear, sorry for that.

I am not using Wireshark directly; actually, I have written C code to dissect network packets.

On the C++ Diameter request object I called the getByteArray API and stored it in a memory area; clearly it doesn't contain Ethernet, IP, or TCP/UDP header information.

Now I want to dissect this ByteArray using the Wireshark API.

How to do it?

(25 Mar '14, 22:44) Sanny_D

See if I got this right: you have extracted the bytes of a Diameter PDU into a buffer in your program and now you want to use Wireshark's code as a library to "dissect" these bytes by calling some API in libwireshark? I'm not sure that would be trivial.

(26 Mar '14, 01:57) Anders ♦

This is exactly what I want to do. Using libwireshark I have done dissection of pcap packets (whole) before, but couldn't find a way to directly dissect a ByteArray. Is this possible?

(27 Mar '14, 04:54) Sanny_D

2 Answers:

0

Have done it using Wireshark dissector code.

answered 04 Apr '14, 08:16

Sanny_D

hm.. answering your own question with a status update and accepting that, isn't exactly how this site works. Please read the FAQ:

http://ask.wireshark.org/faq/

(04 Apr '14, 08:58) Kurt Knochner ♦

Didn't find this in the FAQ. Well, I did it on purpose, so that it can help others.

(04 Apr '14, 09:23) Sanny_D

1

> but couldn't find a way to directly dissect a ByteArray. Is this possible?

As I see it, you have the following options:

  • write your own dissector code, without the help of Wireshark code
  • use a pcap library (either C++ or another language with interface code) that provides Diameter support, like jnetpcap. Maybe you can borrow from libcrafter.
  • use the code of the Wireshark Diameter dissector as an example to write your own code. I guess that's rather hard, as the Diameter dissector code is not exactly the easiest dissector of all.
  • 'dump' your byte array into a dummy frame (eth/ip/udp), similar to text2pcap, then call tshark on the generated pcap file, parse the output of tshark and use the results in your code

Regards
Kurt

answered 27 Mar '14, 11:59

Kurt Knochner ♦

Thanks Kurt!

What I am trying to do is calling the

dissect_diameter_tcp(tvb, pinfo, tree)

API with each argument initialized with the required values. Is this the correct approach? I am not sure if I can populate these structures with correct values.

(30 Mar '14, 22:16) Sanny_D
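
The fourth option in Kurt's answer, sketched as an added example (not code from this thread or from Wireshark): it wraps one Diameter message in a dummy Ethernet/IPv4/TCP frame and writes a one-packet pcap file for tshark. It uses TCP rather than UDP so the frame can target port 3868, Diameter's registered port; the function names, addresses, source port and file name are made up, and the buffer is rejected unless its size matches the length field in the Diameter header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDRS (14 + 20 + 20)   /* Ethernet + IPv4 + TCP, no options */
/* Constructed sample: a bare 20-byte Diameter header (command code 257, no AVPs) */
static const uint8_t SAMPLE[20] = { 1, 0,0,20, 0x80, 0,1,1, 0,0,0,0, 0,0,0,1, 0,0,0,1 };

static void put16(uint8_t *p, unsigned v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t csum(const uint8_t *p, size_t n)   /* Internet checksum, n even */
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i += 2) s += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Returns the frame length, or 0 unless msg is exactly one plausible Diameter message. */
size_t wrap_diameter(const uint8_t *msg, size_t len, uint8_t *out, size_t cap)
{
    if (len < 20 || len > 65535 - 40 || cap < HDRS + len) return 0;
    size_t dlen = (size_t)msg[1] << 16 | (size_t)msg[2] << 8 | msg[3];
    if (msg[0] != 1 || dlen != len) return 0;     /* version 1, 24-bit length */
    uint8_t *ip = out + 14, *tcp = ip + 20;
    memset(out, 0, HDRS); out[12] = 0x08;         /* zero MACs, EtherType 0x0800 */
    ip[0] = 0x45; ip[8] = 64; ip[9] = 6;          /* IPv4/IHL 5, TTL, protocol TCP */
    put16(ip + 2, (unsigned)(40 + len));          /* IPv4 total length */
    ip[12] = ip[16] = 10; ip[15] = 1; ip[19] = 2; /* 10.0.0.1 -> 10.0.0.2 (made up) */
    put16(ip + 10, csum(ip, 20));
    put16(tcp, 40000); put16(tcp + 2, 3868);      /* made-up source port -> 3868 */
    tcp[12] = 0x50; tcp[13] = 0x18; put16(tcp + 14, 65535); /* offset 5, PSH|ACK, window */
    memcpy(tcp + 20, msg, len);                   /* TCP checksum is left at 0 */
    return HDRS + len;
}

/* One-packet classic pcap: little-endian, v2.4, snaplen 262144, linktype 1 (Ethernet). */
int write_pcap(const char *path, const uint8_t *frame, size_t n)
{
    uint8_t h[40] = { 0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0,0,4,0, 1,0,0,0 };
    for (int i = 0; i < 4; i++) h[32 + i] = h[36 + i] = (uint8_t)(n >> (8 * i));
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(h, 1, 40, f) == 40 && fwrite(frame, 1, n, f) == n;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    uint8_t frame[HDRS + sizeof SAMPLE];
    size_t n = wrap_diameter(SAMPLE, sizeof SAMPLE, frame, sizeof frame);
    return n && write_pcap("diameter.pcap", frame, n) == 0 ? 0 : 1;
}
```

Reading the result with `tshark -r diameter.pcap -V` prints the dissection, which the calling program can then parse.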