user2518953

Reputation: 21

Adding Wireshark dissector at layer 2

How do I call my own dissector based on the type field in Ethernet? After getting the Type value from the Ethernet frame, I want to dissect the custom Ethernet frame with some added fields and then proceed with the normal dissection.

I could write a dissector which can dissect packets on a specified UDP/TCP port, but I am not getting how to do it for a specified Ethernet type.

Upvotes: 2

Views: 2411

Answers (2)

eugene-bright

Reputation: 391

I've got a working snippet right now. It's just a prototype.

-- create myproto protocol and its fields
local p_myproto = Proto("myproto", "My Protocol")
local f_command = ProtoField.uint16("myproto.command", "Command", base.HEX)
local f_data = ProtoField.string("myproto.data", "Data")

-- every ProtoField must be registered here before it can be added to a tree
p_myproto.fields = {f_command, f_data}

-- myproto dissector function
function p_myproto.dissector (buf, pkt, root)
  -- validate packet length is adequate (the command field needs 2 bytes), otherwise quit
  if buf:len() < 2 then return end
  pkt.cols.protocol = p_myproto.name

  -- create subtree for myproto
  local subtree = root:add(p_myproto, buf(0))
  -- add protocol fields to subtree
  subtree:add(f_command, buf(0,2)):append_text(" [Command text]")

  -- description of payload
  subtree:append_text(", Command details here or in the tree below")
end

-- Initialization routine
function p_myproto.init()
end

-- subscribe for Ethernet packets on type 5212 (0x145c).
local eth_table = DissectorTable.get("ethertype")
eth_table:add(5212, p_myproto)

Upvotes: 1
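
The second half of the question, handing the rest of the frame back to Wireshark's normal dissection after the custom fields, can be done through the same "ethertype" table. This is an added example, not code from either answer; the protocol name myhdr and the 4-byte header layout (command, then the EtherType of the encapsulated payload) are assumptions, and 0x145c is reused from the snippet above.

```lua
-- Added example. Assumed header layout (hypothetical, not from the page):
--   bytes 0-1: command, bytes 2-3: EtherType of the encapsulated payload
local HEADER_LEN = 4
local p_myhdr = Proto("myhdr", "My Custom L2 Header")
local f_command = ProtoField.uint16("myhdr.command", "Command", base.HEX)
local f_inner = ProtoField.uint16("myhdr.inner_type", "Inner EtherType", base.HEX)
p_myhdr.fields = {f_command, f_inner}

local eth_table = DissectorTable.get("ethertype")
local data_dissector = Dissector.get("data")

function p_myhdr.dissector(buf, pkt, root)
  if buf:len() == 0 then return 0 end
  pkt.cols.protocol = p_myhdr.name

  -- A truncated or malformed frame may be shorter than the header: flag it
  -- in the tree instead of reading past the end of the captured bytes.
  if buf:len() < HEADER_LEN then
    local short = root:add(p_myhdr, buf(0))
    short:add_expert_info(PI_MALFORMED, PI_ERROR, "Frame shorter than custom header")
    return buf:len()
  end

  -- Highlight only the header bytes, not the encapsulated payload.
  local subtree = root:add(p_myhdr, buf(0, HEADER_LEN))
  subtree:add(f_command, buf(0, 2))
  subtree:add(f_inner, buf(2, 2))
  local inner_type = buf(2, 2):uint()

  -- Header only, no payload left to hand on.
  if buf:len() == HEADER_LEN then return HEADER_LEN end

  -- Pass the remaining bytes to whatever is registered for the inner
  -- EtherType (IPv4, ARP, ...); unknown types fall back to raw data.
  local payload = buf(HEADER_LEN):tvb()
  local next_dissector = eth_table:get_dissector(inner_type)
  if next_dissector then
    next_dissector:call(payload, pkt, root)
  else
    data_dissector:call(payload, pkt, root)
  end
  return buf:len()
end

-- Claim frames whose outer EtherType is 0x145c (5212).
eth_table:add(0x145c, p_myhdr)
```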

Zhichang Yu

Reputation: 399

The following code registers vlan_dissector as the dissector for Ethernet 802.1Q frames.

   -- subscribe for Ethernet packets on type 33024 (0x8100).
   local eth_table = DissectorTable.get("ethertype")
   eth_table:add(33024, vlan_dissector)

Upvotes: 0
