Dissector: register a name for an ethertype

asked 2021-09-03 12:01:25 +0000

doragasu

updated 2021-09-06 06:27:04 +0000

I am making a new dissector that is triggered on a specific ethertype. I register it like this:


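```c
/* Handle for the dissector, kept at file scope. */
static dissector_handle_t foo_handle;

/* In the handoff routine: attach the dissector to the "ethertype" table. */
foo_handle = create_dissector_handle(dissect_foo_sos, proto_foo_sos);
dissector_add_uint("ethertype", FOO_PROTO_ETHERTYPE, foo_handle);
```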


The dissector works great, but when browsing the capture, the llc.type type corresponding to the ethertype I am parsing is shown as Type: Unknown (0x1234).

Is there a way to register a protocol name for this specific ethertype?

Is that really your code? The "foo"s and the "wiyo"s don't seem to match up.

See the end of packet-aarp.c for a simple example.

Chuckc (2021-09-03 14:57:16 +0000)

No, sorry, I have corrected it.

doragasu (2021-09-06 06:27:19 +0000)

answered 2021-09-03 20:51:12 +0000

Guy Harris

You'd have to modify the etype_vals[] table in epan/dissectors/packet-ethertype.c and recompile Wireshark; unfortunately, there's currently no way for code outside Wireshark to add entries to that table.

Oh, that's unfortunate I cannot do it inside the dissector plugin. Thanks for digging into it!

doragasu (2021-09-06 06:28:55 +0000)
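A simplified model of why the registration in the question does not change the displayed name, added here as an example; it is not Wireshark's source or code from this thread. The run-time handoff table and the compiled-in name table are separate, so filling the first leaves the second untouched. All type and function names and the "Foo" label are made up; only the 0x1234 value and the idea of a static table like etype_vals[] come from the page.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define FOO_PROTO_ETHERTYPE 0x1234   /* value shown in the question */

/* Simplified stand-in for a compiled-in name table such as etype_vals[]. */
typedef struct { uint32_t value; const char *name; } name_entry;
static const name_entry stock_names[] = { {0x0800, "IPv4"}, {0x0806, "ARP"}, {0, NULL} };
/* The same table after editing the source and recompiling ("Foo" is a made-up label). */
static const name_entry patched_names[] = {
    {0x0800, "IPv4"}, {0x0806, "ARP"}, {FOO_PROTO_ETHERTYPE, "Foo"}, {0, NULL} };

/* Separate run-time table: the only thing a plugin's registration call fills in. */
typedef int (*dissect_fn)(void);
static struct { uint32_t value; dissect_fn fn; } handoff[8];
static size_t handoff_len;

static int dissect_foo(void) { return 1; }   /* hypothetical dissector body */

int register_dissector_for(uint32_t value, dissect_fn fn) {
    if (handoff_len == sizeof handoff / sizeof handoff[0]) return -1;
    handoff[handoff_len].value = value;
    handoff[handoff_len++].fn = fn;
    return 0;
}

dissect_fn find_dissector_for(uint32_t value) {
    for (size_t i = 0; i < handoff_len; i++)
        if (handoff[i].value == value) return handoff[i].fn;
    return NULL;
}

/* Label for the Type field: only the static name table is consulted. */
const char *type_label(const name_entry *tbl, uint32_t value, char *buf, size_t n) {
    const char *name = "Unknown";
    for (; tbl->name != NULL; tbl++)
        if (tbl->value == value) { name = tbl->name; break; }
    snprintf(buf, n, "%s (0x%04x)", name, (unsigned)value);
    return buf;
}

int main(void) {
    char a[64], b[64];
    register_dissector_for(FOO_PROTO_ETHERTYPE, dissect_foo);
    printf("stock build:   Type: %s\n", type_label(stock_names, FOO_PROTO_ETHERTYPE, a, sizeof a));
    printf("patched build: Type: %s\n", type_label(patched_names, FOO_PROTO_ETHERTYPE, b, sizeof b));
    return 0;
}
```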

answered 2021-09-03 12:52:20 +0000

hugo.vanderkooij

A quick dig around seems to indicate that you need to go for the source code. I found the ethertypes listed in an include file but no reference to a config file to add your own.

Too bad there is not an interface for plugins. Thanks!

doragasu (2021-09-06 06:29:13 +0000)
