I'm working on a project that is "dissecting captured packets using libwireshark". My code successfully dissects up to the TCP header, but it can't dissect the payload any further, i.e. the underlying protocol. How do I do that? Any help! Thanks!
Register your dissector with the TCP dissector's port table, like so: dissector_add_uint("tcp.port", currentPort, PROTOABBREV_handle); Or, if there's no port relation, register your dissector as a heuristic dissector, like so: heur_dissector_add("tcp", dissect_PROTOABBREV, proto_PROTOABBREV); All this can be found in doc/README.developer and doc/README.heuristic.
Thanks! But I am not writing the dissector, I just used epan_dissect_run() on the packet, but Wireshark is not dissecting further down... :-|
(30 Jan '12, 04:17)
Sanny_D
What should it dissect then further down? What protocol are you referring too? Is that dissector registered and/or configured properly?
(30 Jan '12, 06:59)
Jaap ♦
Diameter protocol, RFC 3588. After the TCP header it just prints proto "data" and a hex dump of the Diameter message; it's not showing the AVPs in the message. Thanks!
(30 Jan '12, 09:54)
Sanny_D
Is that dissector registered and/or configured properly?
(30 Jan '12, 11:22)
Jaap ♦
Yes, during the epan initialization I registered that protocol using "register all protocols", and in that callback the register_diameter function is there. Wireshark version 1.6.4 with the patch 39873.
(30 Jan '12, 19:36)
Sanny_D
By default, ONLY TCP traffic to or from port 3868 will be dissected as Diameter traffic. What TCP ports is the traffic you're handing libwireshark going to and coming from?
(30 Jan '12, 22:25)
Guy Harris ♦♦
Is that dissector configured properly?
(30 Jan '12, 22:48)
Jaap ♦
Thanks a ton! :) What if I want to change the default port for Diameter :-/ What do I need to do?
(30 Jan '12, 22:49)
Sanny_D
Edit your Wireshark preference file (creating it if necessary) and change the "diameter.tcp.ports" preference to list the ports you want to be used as Diameter ports.
(30 Jan '12, 23:34)
Guy Harris ♦♦
Couldn't find the file in the /share folder; have no idea how to create it :-/ And the dissector is dissecting Diameter without using the XML dictionary :|
(31 Jan '12, 10:14)
Sanny_D
If it's not using the XML dictionary, it's probably not finding the XML dictionary; it will look for it in whatever directory was configured as the "data file directory" when Wireshark was configured and built.
(31 Jan '12, 10:44)
Guy Harris ♦♦
I have a client (port 5678) and a server (3668). I have edited the preferences file, diameter.tcp.ports=3000-7000, but libwireshark is still dissecting only the Diameter traffic for port 3868. If I change the port of the server to something other than 3868, it doesn't dissect the Diameter protocol.
(02 Feb '12, 03:18)
Sanny_D
Make sure to set 'diameter.desegment' to true, as well as 'tcp.desegment_tcp_streams'. Better yet, test your preferences with Wireshark first.
(02 Feb '12, 05:16)
Jaap ♦
Testing it with tshark does exactly what I want. I set the preferences using prefs_set_pref(char *prefarg); but when I use the same function in my code and set the port 4868 and print the preference file, it shows "diameter.tcp.ports:4868", but it is still dissecting the Diameter protocol only for 3868 (the default port). Just can't figure out what the problem is.
(02 Feb '12, 22:38)
Sanny_D
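As an added example (not from this thread and not Wireshark's own code), here is a stand-alone C re-implementation of the range syntax accepted by preferences such as diameter.tcp.ports ("3868", "3000-7000", "3868,4868"), so a value can be checked against a connection's two ports before it is handed to libwireshark; it does not link against libwireshark, and the names parse_port_ranges and matches_diameter_pref are my own.

```c
/* Added example: stand-alone re-implementation of Wireshark's range-preference syntax. */
#include <stdbool.h>
#include <stdlib.h>
#include <ctype.h>
#define MAX_RANGES 16
struct port_range { unsigned lo, hi; };
struct port_ranges { struct port_range r[MAX_RANGES]; size_t n; };

/* Parse "3868", "3000-7000" or "3868,4868,5000-5010" (spaces allowed). False on bad syntax. */
static bool parse_port_ranges(const char *spec, struct port_ranges *out)
{
    const char *p = spec;
    out->n = 0;
    while (*p) {
        char *end;
        unsigned long lo, hi;
        while (isspace((unsigned char)*p)) p++;
        if (!isdigit((unsigned char)*p)) return false;
        lo = hi = strtoul(p, &end, 10);
        p = end;
        if (*p == '-') {                       /* lo-hi span */
            p++;
            if (!isdigit((unsigned char)*p)) return false;
            hi = strtoul(p, &end, 10);
            p = end;
        }
        if (lo > hi || hi > 65535 || out->n == MAX_RANGES) return false;
        out->r[out->n].lo = (unsigned)lo;
        out->r[out->n].hi = (unsigned)hi;
        out->n++;
        while (isspace((unsigned char)*p)) p++;
        if (*p == ',') { p++; continue; }     /* next element */
        if (*p != '\0') return false;         /* junk after a value */
    }
    return out->n > 0;
}

/* True when either end of a TCP connection falls inside the configured port set,
 * which is how a port-table registration selects the Diameter dissector. */
static bool matches_diameter_pref(const char *spec, unsigned srcport, unsigned dstport)
{
    struct port_ranges pr;
    size_t i;
    if (!parse_port_ranges(spec, &pr)) return false;
    for (i = 0; i < pr.n; i++)
        if ((srcport >= pr.r[i].lo && srcport <= pr.r[i].hi) ||
            (dstport >= pr.r[i].lo && dstport <= pr.r[i].hi)) return true;
    return false;
}
```

The 3000-7000 value from the thread does cover a 5678/3668 connection, so the port check itself is not where that case fails; note that a port range changed through prefs_set_pref() is only re-registered with the TCP port table once prefs_apply_all() is called, which tshark does after processing its -o options.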