Ask Your Question

Revision history [back]

Adding a protocol between ethernet and IP

I followed the wireshark documentation : https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html to create my own dissector for my own protocol which is placed as follows: ethernet --- own proto ---- IP. The dissector works fine and I get what was expected in wireshark, however and as expected wireshark does not know how to parse the IP layer.

My own protocol has a next-layer field so we can know what the next protocol is. I assumed that to let wireshark know how to parse my packets I had to add a dissector_add_unit in the packet-ip.c. So i added:

dissector_add_uint("<own_header>.next", ETHERTYPE_IP, ipv4_handle);

However, wireshark does not know how to parse it, and i get the following error message when it starts:

OOPS: dissector table "dpfd.next" doesn't exist

Any idea of what do I need to do ?