Hi, I'm kind of new to developing with Wireshark. I'm now working with custom dissectors, and I'm having trouble finding documentation for it. Is there a place where I can find a complete guide? Or at least, what I'm looking for is to know the functions that we have, and what parameters you have to put into them. For example proto_item_add_subtree() or col_add_fstr(). Maybe I'm missing something, but so far, I can find some third-party guides to make a basic foo dissector. But I start having trouble when I try to do something more complex. Thanks in advance
asked 19 Aug '14, 10:30 ingcpt
One Answer:
There's the Developer's Guide and the content of the docs directory in the source tree, in particular README.dissector.
answered 19 Aug '14, 11:07 grahamb ♦
I've been reading this documentation, and there's something basic I can't find. How do you know the length of the data in the packet? In my protocol, I have an initial header, and then an unknown amount of structures. These structures have 1 byte for length, and then the data itself. I'd like to do something like while (offset < TotalLength) { // Work with the structures }
How do I know the Total Length? Thanks in advance
The tvb contains the data handed to your dissector. There are two length options: the reported length (tvb_reported_length(tvb)), which is the length that data originally had "on-the-wire", and the captured length (tvb_captured_length(tvb)), which is the length that was actually captured. In general you should be using the reported length and allow your dissector to cause an exception if the captured length is less than the reported length, so the UI can show the packet has been truncated.
One thing to know: in Wireshark all packet data is passed on through TVBs. It might be time to go deeper and familiarize yourself with the inner workings of Wireshark (coding a dissector IS using the inner workings). For instance, start with reading epan/tvbuff.h.
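The loop from the follow-up question, written against the reported/captured distinction described in the answer above. This is an added example, not code from the thread or from Wireshark: model_tvb, walk_structures, HEADER_LEN and the sample packets are constructed stand-ins, so a real dissector would read lengths through the tvb_* accessors in epan/tvbuff.h instead of indexing a buffer.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for a Wireshark tvbuff (not the real epan/tvbuff.h):
 * captured_len models tvb_captured_length(), reported_len tvb_reported_length(). */
typedef struct {
    const uint8_t *data;   /* only the first captured_len bytes are readable */
    size_t captured_len;   /* bytes actually saved in the capture file */
    size_t reported_len;   /* bytes the packet had on the wire */
} model_tvb;

enum { PARSE_TRUNCATED = -1, PARSE_MALFORMED = -2 };
#define HEADER_LEN 4  /* assumed fixed header size of the hypothetical protocol */

/* Walk the 1-byte-length-prefixed structures after the header. Returns their
 * count, PARSE_TRUNCATED if one runs past the captured bytes (where a real
 * dissector lets Wireshark throw its "packet truncated" exception), or
 * PARSE_MALFORMED if a length byte points past the reported length. */
int walk_structures(const model_tvb *tvb)
{
    size_t offset = HEADER_LEN;
    int count = 0;

    if (tvb->reported_len < HEADER_LEN)
        return PARSE_MALFORMED;
    /* The loop bound is the reported length, not the captured length. */
    while (offset < tvb->reported_len) {
        if (offset >= tvb->captured_len)
            return PARSE_TRUNCATED;       /* length byte itself not captured */
        size_t end = offset + 1 + tvb->data[offset];
        if (end > tvb->reported_len)
            return PARSE_MALFORMED;       /* length byte exceeds the packet */
        if (end > tvb->captured_len)
            return PARSE_TRUNCATED;       /* body cut off by the snaplen */
        /* ...add this structure's fields to the protocol tree here... */
        offset = end;
        count++;
    }
    return count;
}

/* Constructed samples: a 4-byte header followed by {len=2,"ab"},{len=1,"c"},
 * and a packet whose length byte (5) claims more data than the packet holds. */
const uint8_t sample_pkt[] = { 0, 0, 0, 0, 2, 'a', 'b', 1, 'c' };
const uint8_t bad_pkt[] = { 0, 0, 0, 0, 5, 'a' };
```

Passing captured_len smaller than reported_len (a capture taken with a short snaplen) is what makes the truncated path fire, so the same packet parses fully at 9/9 and stops at 6/9.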