Ask Your Question

How to get the dissector of GRE

asked 2022-07-05 12:03:07 +0000

leelli gravatar image

Dissector name can be obtained through Dissector.list(),One of the names is ip.Then you can obtained the ipv4 Dissector through Dissector.get("ip").

now I want to get the Dissector of GRE, but I don't know the name of the GRE Dissector

The output of Dissector.list() also has no name like GRE or Generic Routing Encapsulation

edit retag flag offensive close merge delete


I already know: dissectortable:get_dissector(pattern)

leelli gravatar imageleelli ( 2022-07-05 13:04:09 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2022-07-06 09:15:31 +0000

Michael Firth gravatar image

In a GRE over UDP dissector, I have seen this used to get the GRE dissector:

gre_dissector = DissectorTable.get("ip.proto"):get_dissector(47)

Then to pass the data in, this was used:

gre_dissector:call(buffer, pinfo, tree)

edit flag offensive delete link more

answered 2022-07-05 13:35:59 +0000

Chuckc gravatar image

GRE is a sub-dissector (packet-gre.c):

    dissector_handle_t gre_handle;
    capture_dissector_handle_t gre_cap_handle;

    gre_handle = create_dissector_handle(dissect_gre, proto_gre);
    dissector_add_uint("ip.proto", IP_PROTO_GRE, gre_handle);
    dissector_add_uint("udp.port", GRE_IN_UDP_PORT, gre_handle);
    gre_cap_handle = create_capture_dissector_handle(capture_gre, proto_gre);
    capture_dissector_add_uint("ip.proto", IP_PROTO_GRE, gre_cap_handle);
foo = DissectorTable.get("ip.proto")

foo_d = foo:get_dissector(47)

print("ip.proto:", foo_d)

foo = DissectorTable.get("udp.port")

foo_d = foo:get_dissector(4754)

print("udp.port:", foo_d)
7/5/2022 8:32:27 AM Console opened
7/5/2022 8:32:33 AM DissectorTable
7/5/2022 8:32:33 AM Dissector
7/5/2022 8:32:33 AM ip.proto:   GRE
7/5/2022 8:32:33 AM DissectorTable
7/5/2022 8:32:33 AM Dissector
7/5/2022 8:32:33 AM udp.port:   GRE
edit flag offensive delete link more


thank you very much

leelli gravatar imageleelli ( 2022-07-05 14:28:35 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2022-07-05 12:03:07 +0000

Seen: 49 times

Last updated: Jul 06