Revision history

initial version

If you're looking for the correct protocol names, you can try running something like tshark -G protocols | grep NAME … where NAME is the name of the protocol you're looking for. (Refer to the tshark man page for more details on the -G option.)

For example:

$ tshark -G protocols | grep RSL
Radio Signalling Link (RSL)     RSL     gsm_abis_rsl

So in the case of RSL, it looks like you'd need Dissector.get("gsm_abis_rsl"):call(buf, pinfo, tree)

Of course this doesn't always work, because the same search for MAC does find it:

$ tshark -G protocols | grep MAC
DOCSIS Mac Management   DOCSIS MAC MGMT docsis_mgmt
MACsec Key Agreement    EAPOL-MKA       mka
Radio Link Control, Medium Access Control, 3GPP TS44.060        GSM RLC MAC    gsm_rlcmac
ISMACryp Protocol       ISMACRYP        ismacryp
**MAC     MAC     mac**
mac-lte-framed  MAC-LTE-FRAMED  mac-lte-framed
MAC-NR  MAC-NR  mac-nr
MikroTik MAC-Telnet Protocol    MAC-Telnet      mactelnet
MAC Control     MACC    macc
802.1AE Security tag    MACsec  macsec
MPLS-MAC        Media Access Control (MAC) Address Withdrawal over Static Pseudowire    mpls_mac
WiMax MAC Management Message    MGMT MSG        wmx.mgmt
DCOM IRemoteActivation  REMACT  remact
Token-Ring Media Access Control TR MAC  trmac
WiMax Generic/Type1/Type2 MAC Header Messages   WiMax Generic/Type1/Type2 MAC Header (hdr)      wmx.hdr
WiMAX MAC-PHY over Ethernet     WiMAX MAC-PHY   wimaxmacphy

In this case, it seems you need to look at the source code (unless there's some other method I'm not aware of) in order to find the dissector that's actually registered.

$ grep "proto_register_protocol" packet-*.c | grep "\"MAC\""
packet-umts_mac.c:    proto_umts_mac = proto_register_protocol("MAC", "MAC", "mac");

$ grep register_dissector packet-umts_mac.c
    register_dissector("mac.fdd.rach", dissect_mac_fdd_rach, proto_umts_mac);
    register_dissector("mac.fdd.fach", dissect_mac_fdd_fach, proto_umts_mac);
    register_dissector("mac.fdd.pch", dissect_mac_fdd_pch, proto_umts_mac);
    register_dissector("mac.fdd.dch", dissect_mac_fdd_dch, proto_umts_mac);
    register_dissector("mac.fdd.edch", dissect_mac_fdd_edch, proto_umts_mac);
    register_dissector("mac.fdd.edch.type2", dissect_mac_fdd_edch_type2, proto_umts_mac);
    register_dissector("mac.fdd.hsdsch", dissect_mac_fdd_hsdsch, proto_umts_mac);
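
The two greps above can be chained into one lookup. The shell function below is an added example, not part of the original answer or of Wireshark: given a protocol short name and a dissector source directory, it prints the names registered with that protocol's handle. The function name and the sample file are constructed, and the matching is line-based like the greps, so a call split across several lines is missed.

```shell
#!/bin/sh
# list_registered_dissectors SHORT_NAME SRC_DIR   (hypothetical helper name)
# Step 1: find the packet-*.c whose proto_register_protocol() call has
#         SHORT_NAME as its second (short name) argument; keep the handle
#         variable on the left of the assignment.
# Step 2: print the first argument of every register_dissector() call in
#         that file whose last argument is that handle.
list_registered_dissectors() {
    short=$1
    dir=$2
    for f in "$dir"/packet-*.c; do
        [ -f "$f" ] || continue
        handle=$(awk -v s="$short" '
            /proto_register_protocol[ \t]*\(/ {
                n = split($0, q, "\"")   # q[2]=name q[4]=short q[6]=filter
                if (n >= 7 && q[4] == s) {
                    lhs = $0
                    sub(/[ \t]*=.*/, "", lhs)   # drop " = proto_register..."
                    sub(/^[ \t]*/, "", lhs)     # drop indentation
                    print lhs
                    exit
                }
            }' "$f")
        [ -n "$handle" ] || continue
        awk -v h="$handle" '
            /register_dissector[ \t]*\(/ {
                split($0, q, "\"")       # q[2]=registered name, q[3]=rest
                args = q[3]
                gsub(/[ \t);]/, "", args)
                m = split(args, a, ",")
                if (a[m] == h) print q[2]
            }' "$f"
    done
}

# Constructed sample: lines copied from the grep output above, in a temp dir.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '    proto_umts_mac = proto_register_protocol("MAC", "MAC", "mac");' \
    '    register_dissector("mac.fdd.rach", dissect_mac_fdd_rach, proto_umts_mac);' \
    '    register_dissector("mac.fdd.pch", dissect_mac_fdd_pch, proto_umts_mac);' \
    > "$demo_dir/packet-umts_mac.c"
list_registered_dissectors MAC "$demo_dir"
rm -rf "$demo_dir"
```

Each printed name is a string that can be passed to Dissector.get() in place of the filter name shown by tshark -G protocols.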