How to make layer 2 dissector wireshark?

A

avonar2017-03-21 12:39:47

linux

avonar, 2017-03-21 12:39:47

I wrote my warshark dissector in C, I wrote it under Linux.
For some reason, it starts parsing the packet only after the ethernet header, but I need to parse the packet starting from the very beginning of the packet. I'm not strong in C at all, but the documentation makes me even more bewildered.

void proto_reg_handoff_ebh(void)
{
    static dissector_handle_t ERh_handle;

    ERh_handle = create_dissector_handle(dissect_erh, proto_erh);
    dissector_add_uint("ethertype", ERH_TYPE, ERh_handle);

}

Here is the function I am trying to catch the packet. It catches perfectly, but in the dissect_erh function, when accessing the zero bit, the zero bit after the ethernet header is accessed. How to transfer the entire frame to the dissector? So that it does not highlight the Ethernet header when parsing a packet?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

J

jcmvbkbc, 2017-03-21
@jcmvbkbc

How to transfer the entire frame to the dissector? So that it does not highlight the Ethernet header when parsing a packet?

Register not on "ethertype" but on "eth" or on "frame"?