dmanderson's profile - activity

2020-07-30 13:20:57 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Pascal Quantin @grahamb @Guy Harris I've updated the question to reduce the amount of code in it since it's close to so

2020-07-30 13:20:41 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Pascal Quantin @grahamb @Guy Harris I've updated the question to reduce the amount of code in it since it's close to so

2020-07-29 13:46:06 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue EDIT: As problems have been solved, I've reduced the amount of code

2020-07-29 13:40:49 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue EDIT: As problems have been solved, I've reduced the amount of code

2020-07-29 13:20:46 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb @Guy Harris I have no idea how it happened, but there was a problem in my local Wireshark. I fixed that and it

2020-07-28 20:29:32 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris @grahamb I'm sorry it took a while, I had to figure out the best way to upload one. Here's a link to a pc

2020-07-28 20:09:29 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris @grahamb I'm sorry it took a while, I had to figure out the best way to upload one. Here's a link to a pc

2020-07-28 20:07:13 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris @grahamb I'm sorry it took a while, I had to figure out the best way to upload one. Here's a link to a pc

2020-07-20 18:11:06 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

I'll have to upload that somewhere and share a link, I guess. I likely won't be able to do that today. Would an image w

2020-07-20 16:32:57 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris Reading the octets in the "Data" block in a standard format pcap (I had another test network I could use th

2020-07-20 16:32:38 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris Reading the octets in the "Data" block in a standard format pcap (I had another test network I could use th

2020-07-20 16:32:19 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris Reading the octets in the "Data" block in a standard format pcap (I had another test network I could use th

2020-07-17 17:19:25 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb Completely failed - it just says "Data" and just lists the entire rest of the packet's bytes with no formattin

2020-07-17 17:18:31 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb Completely failed - it just says "Data" and just lists the entire rest of the packet's bytes with no formattin

2020-07-17 16:39:23 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-16 15:27:41 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 15:19:04 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 15:17:58 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 15:17:43 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 13:34:38 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 13:34:24 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the ethertyp

2020-07-16 13:33:41 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the ethertyp

2020-07-15 15:24:19 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

Thank you for your reply. I'll address your suggestions in the same order. 1: Currently, omitting some details due to

2020-07-15 15:24:07 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

Thank you for your reply. I'll address your suggestions in the same order. 1: Currently, omitting some details due to

2020-07-15 15:23:12 +0000 received badge  Commentator
2020-07-15 15:23:12 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

Thank you for your reply. I'll address your suggestions in the same order. 1: Currently, omitting some details due to

2020-07-14 20:41:22 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-14 20:27:32 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-14 20:18:56 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-14 20:15:19 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-14 20:04:55 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-14 15:15:51 +0000 received badge  Organizer (source)
2020-07-14 15:14:49 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read Issue Background: I've written a dissector for reading a protocol called TC. The subset of t

2020-07-14 15:06:45 +0000 asked a question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read Issue Background: I've written a dissector for reading a protocol called TC. The subset of t

2020-06-30 19:07:50 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 19:02:49 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 18:11:20 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 17:26:09 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 16:53:46 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 16:45:46 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 16:42:19 +0000 commented answer Type for Dissecting n-bit Quantities

@Guy Harris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number

2020-06-30 16:42:01 +0000 commented answer Type for Dissecting n-bit Quantities

@GuyHarris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number,

2020-06-30 16:41:10 +0000 commented answer Type for Dissecting n-bit Quantities

@GuyHarris Oh, another question just to make sure I understand. Near the end, right before the 8 bit sequence number,

2020-06-30 15:14:08 +0000 commented answer Type for Dissecting n-bit Quantities

@grahamb I did accept it as soon as I actually finished reading it in detail. When the page refreshed, I saw your comme

2020-06-30 15:00:07 +0000 marked best answer Type for Dissecting n-bit Quantities

EDIT: Is it possible to just parse a large portion of a header to fit into a standard size, and then just mask from there? For example, for a 40 bit header, I could break that into two 'segments', one of 32 bit size, one of 8 bit size. If I then use a pointer to the same reference point, can I then use different masks to parse out different pieces of that 32 bit size to recover the original field?

To be more concrete, let me walk through an example of what I mean.

Assume I have a 40 bit header, foo, with the following fields:

bit<2> version
bit<1> bypass
bit<1> command_flag
.... (skipping until the end of 32 bits for concision)
bit<8> sequence_number

Assume that the fields have been defined in similar order in the dissector:

  static int hf_foo_version = -1;
  static int hf_foo_bypass = -1;
  static int hf_foo_cmd_flag = -1;
  ...
  static int foo_sequence_number = -1;

Can I do something like the following?

    /* inside the proto_register_foo function */
    static hf_register_info hf[] = {
        { &hf_foo_version,
            { "Version",         "foo.version",
            FT_UINT32, BASE_DEC,
            NULL, 0x03,
            NULL, HFILL }
        },
        { &hf_foo_bypass,
            { "Bypass",         "foo.bypass",
            FT_UINT32, BASE_DEC,
            NULL, 0x07,
            NULL, HFILL }
        }
    };

and so on, to parse each field out of the 32 bit selection, offset from the same pointer?

Original question below for more background - if you can answer the rephrasing of the question in this edit, though, then I can potentially remove the original question and use this rephrasing.

================================================================================

Hello. I am in the middle of writing a dissector for a custom protocol encapsulating ethernet/ipv4. The protocol has two headers. The first header is 5 bytes in length while the second header is 1 byte in length. However, those bytes are not evenly divided.

For example, let's call the first header Foo, to be consistent with the Developer's Guide. Foo has many fields of varying sizes - 1, 2, 6, 8, and 10 bit fields.

From reading README.developer, I can guess that for the 1 bit fields I can use things like gboolean for 1 bit and guint8 for 8 bit fields. I've been given a template that uses an FT_ prefix instead of the g prefix - for example, it uses FT_Boolean and FT_UINT8 instead for the previous types.

I am trying to follow the example given in section 9.2 of the Wireshark Developer's Guide - specifically, I'm currently looking at the section containing the following code for dissecting specific fields:

    static hf_register_info hf[] = {
        { &hf_foo_pdu_type,
            { "FOO PDU Type", "foo.type",
            FT_UINT8, BASE_DEC,
            NULL, 0x0,
            NULL, HFILL }
        }
    };

One example field in my custom protocol is a 2-bit sequence flag field. In my code, this looks like:

    /* defined earlier in the actual file, included here for reference */
    static const value_string foo_sequence_flags[] = {
        {... /*omitted for concision as at this point, I cannot handle segmented data*/},
        {3, "Unsegmented data" },
        {0, NULL }
    };

    /* also defined earlier, included for reference.*/
    static int hf_foo_seq_flags = -1;

    /*inside the proto_register_foo function*/
        static hf_register_info hf[] = {
            { &hf_foo_seq_flags,
                { "Sequence Flags",         "foo.seq_flags",
                <unknown type here>, BASE_DEC,
                VALS(foo_sequence_flags), 0b11 ...
2020-06-30 14:26:53 +0000 commented answer Type for Dissecting n-bit Quantities

Wow, that was a great answer. Thank you so much for taking the time to type it all out, I really appreciate it. I'm sorr

2020-06-30 14:26:05 +0000 commented answer Type for Dissecting n-bit Quantities

Wow, that was a great answer. Thank you so much for taking the time to type it all out, I really appreciate it. I'm sti