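Hi! I need Wireshark to dissect captured packets according to a config file. When Wireshark starts, the config file will be loaded into Wireshark, and the captured packets will be dissected by the field names defined in the XML file. Every displayed field is defined in XML files, so every field is configurable. Could you help me? Give me an example. Thank you very much!!!

In Chinese (translated): I want to use an XML configuration file to dissect the packets captured by Wireshark. That is, I put the message fields into an XML file, and during capture the packets are dissected dynamically according to the fields configured in the XML. I don't know whether this is feasible. If it is, could you give me an example? Many thanks to you all!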

asked 24 Nov '11, 19:38

liyunshi

edited 26 Feb '12, 21:03

cmaynard ♦

Hi, you can have a look at the Diameter dissector, packet-diameter.c, which does something similar with the AVPs.

answered 25 Nov '11, 00:31

Anders ♦

It's not XML, but there's the Wireshark Generic Dissector plugin, which accepts descriptions of protocols in its own (again, not XML-based) language.

answered 25 Nov '11, 11:44

Guy Harris ♦♦
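The idea behind the question and both answers, field definitions kept in an external description instead of being compiled into the dissector, shown as an added example that is not part of the original posts and is not Wireshark code. The XML element and attribute names, the "demo" protocol and the sample packet are all constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

# Constructed field description; element and attribute names are hypothetical.
FIELDS_XML = """
<protocol name="demo">
  <field name="version" type="uint8"/>
  <field name="msg_type" type="uint8">
    <value code="1" name="REQUEST"/>
    <value code="2" name="RESPONSE"/>
  </field>
  <field name="session_id" type="uint32"/>
  <field name="payload_len" type="uint16"/>
  <field name="payload" type="bytes" length_from="payload_len"/>
</protocol>
"""

# Fixed-width types mapped to network-byte-order struct formats.
FORMATS = {"uint8": "!B", "uint16": "!H", "uint32": "!I"}

def load_fields(xml_text):
    """Turn the XML description into a list of field definitions."""
    fields = []
    for el in ET.fromstring(xml_text).iter("field"):
        names = {int(v.get("code")): v.get("name") for v in el.iter("value")}
        fields.append((el.get("name"), el.get("type"), el.get("length_from"), names))
    return fields

def dissect(fields, packet):
    """Decode packet bytes field by field; stop cleanly on truncated input."""
    out, offset = {}, 0
    for name, ftype, length_from, names in fields:
        if ftype == "bytes":
            size = out[length_from]          # length taken from an earlier field
        else:
            size = struct.calcsize(FORMATS[ftype])
        if offset + size > len(packet):      # never read past the captured data
            out["_error"] = f"truncated at field '{name}'"
            break
        raw = packet[offset:offset + size]
        value = raw if ftype == "bytes" else struct.unpack(FORMATS[ftype], raw)[0]
        out[name] = names.get(value, value) if names else value
        offset += size
    return out

# Constructed sample packet: version 1, RESPONSE, session 0xCAFE, 3-byte payload.
SAMPLE = bytes([1, 2]) + struct.pack("!IH", 0xCAFE, 3) + b"abc"
```

Changing the displayed fields means editing only the XML text; `dissect(load_fields(FIELDS_XML), SAMPLE)` picks up the new layout without code changes.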
