I want to write a dissector for the "Unknown Subtype Content" (see captured text output below).
Frame 3: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface ...
Ethernet II, Src: Private_7a:b3:ca (10:00:00:7a:b3:ca), Dst: LLDP_Multicast (01:80:c2:00:00:0e)
Link Layer Discovery Protocol
    Chassis Subtype = MAC address, Id: ...
    Port Subtype = Port component, Id: ...
    Time To Live = 65535 sec
    CompanyXYZ - Unknown (1)
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0100 0101 = TLV Length: 69
        Organization Unique Code: 11:22:33
        Unknown Subtype: 1
        Unknown Subtype Content: 01000000426f6d626172646965722054434d530000000000000000000000000000000000…
    End of LLDPDU
The data that I want to analyse is part of the Ethernet payload (not UDP or TCP). I don't know of any port number for it. I understood that I have to write a heuristic dissector for it. I tried the following:
    ttdp = Proto("TTDP", "Train Top Protocol")

    function ttdp.dissector(buf, pkt, root)
        print("ttpd.dissector was called.")
    end

    local function heuristic_checker(buffer, pinfo, tree)
        print("dummy ttdp heuristic_checker() called")
        -- do some checks before returning true !!!
        return true
    end

    ttdp:register_heuristic("ethernet", heuristic_checker)
But I got the error message "there is no heuristic list for 'ethernet'". How can I hook my dissector onto the existing ethernet/lldp dissector?
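
An added illustration, not part of the original post: the TLV layout visible in the capture (7-bit type, 9-bit length, then OUI and subtype for type 127) decoded in plain Lua with length checks. It uses no Wireshark API and does not register anything; the function names `read_tlv` and `find_org_tlvs` are hypothetical and the sample bytes are constructed.

```lua
-- Added example: walk the TLVs of an LLDPDU held in a Lua string and pull
-- out organization-specific TLVs for one OUI. Plain Lua, no Wireshark API.

local ORG_SPECIFIC = 127                       -- TLV type shown in the capture
local OUI = string.char(0x11, 0x22, 0x33)      -- 11:22:33 from the capture

-- Returns type, length, value, next_offset; or nil, error text if malformed.
local function read_tlv(data, pos)
  if pos + 1 > #data then return nil, "truncated TLV header" end
  local b1, b2 = data:byte(pos, pos + 1)
  local hdr = b1 * 256 + b2
  local tlv_type = math.floor(hdr / 512)       -- upper 7 bits
  local tlv_len = hdr % 512                    -- lower 9 bits
  local value_end = pos + 1 + tlv_len
  if value_end > #data then return nil, "TLV length exceeds buffer" end
  return tlv_type, tlv_len, data:sub(pos + 2, value_end), value_end + 1
end

-- Collects { subtype, content } for every org-specific TLV with our OUI.
local function find_org_tlvs(lldpdu)
  local found, pos = {}, 1
  while pos <= #lldpdu do
    local t, len, value, nxt = read_tlv(lldpdu, pos)
    if not t then return nil, len end          -- len carries the error text
    if t == 0 then break end                   -- End of LLDPDU
    -- org-specific value = 3-byte OUI + 1-byte subtype + content
    if t == ORG_SPECIFIC and len >= 4 and value:sub(1, 3) == OUI then
      found[#found + 1] = { subtype = value:byte(4), content = value:sub(5) }
    end
    pos = nxt
  end
  return found
end

-- Constructed sample LLDPDU (not the bytes from the capture above).
local sample = string.char(0x06, 0x02, 0xff, 0xff)     -- TTL TLV, 65535 sec
  .. string.char(0xfe, 0x0c) .. OUI .. string.char(1)  -- type 127, len 12, subtype 1
  .. string.char(1, 0, 0, 0) .. "demo"                 -- constructed content
  .. string.char(0, 0)                                 -- End of LLDPDU

local tlvs = assert(find_org_tlvs(sample))
for _, tlv in ipairs(tlvs) do
  print(("subtype %d, %d content bytes"):format(tlv.subtype, #tlv.content))
end
```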