Re: [Ethereal-dev] [Plugin dev] Dissector of IP protocol?

[Guy Harris <guy@xxxxxxxxxxxx>]

On Oct 9, 2006, at 11:43 AM, Roman Prots' wrote:

> -------------------
> The Ethereal project is being continued at a new site.  Please go to
> http://www.wireshark.org and subscribe to wireshark-dev@xxxxxxxxxxxxxx
> Don't forget to unsubscribe from this list at
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
> -------------------
>
> How do I dissect data of IP protocol, when it is neither TCP, UPP or  
> other not Known to Ethereal.

The same way you'd do it in Wireshark (see the note added to your  
message by the software for the Ethereal mailing lists, above).

The data in question is for some other protocol, which has a protocol  
number value (just as TCP, for example, has a protocol number value of  
6).

The IPv4 and IPv6 dissectors use a dissector table named "ip.proto";  
the values in that dissector table are protocol number values.  You  
would register your dissector for that other protocol in the  
"ip.proto" table with the appropriate protocol number value, just as,  
for example, the TCP dissector does:

	dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);