 | 1 | initial version |
but when trying to decode as, it results in nothing.
You shouldn't have to use "Decode As" if you register the Ethertype.
Here's a sample Lua script that might help?
myProtocol = Proto.new("myProtocol", "My Protocol")
-- Define protocol fields
local pf = {
val1 = ProtoField.uint8("myProtocol.val1", "Value 1", base.DEC),
val2 = ProtoField.uint8("myProtocol.val2", "Value 2", base.DEC)
}
myProtocol.fields = pf
function myProtocol.dissector(tvb, pinfo, tree)
pinfo.cols.protocol = myProtocol.name
local subtree = tree:add(myProtocol, tvb())
subtree:add(pf.val1, tvb(0, 1))
subtree:add(pf.val2, tvb(1, 1))
end
DissectorTable.get("ethertype"):add(0x1234, myProtocol)
If you want to test it, you can copy the following text to a file, say ask31774.txt, and then use text2pcap -F pcap ask31774.txt ask31774.pcap to convert it to a pcap file that you can then load into Wireshark to see it dissected:
0000 01 01 01 01 01 01 02 02 02 02 02 02 12 34 01 02
If this doesn't help or it's not what you're looking for, then please update your question with more details and specifics.