Over the weekend, I coded up a protocol dissector in Ethereal for the TiVoConnect Discovery Protocol. The protocol is very simple, but I still wanted the satisfaction of seeing it listed by name when scanning through my home network captures while debugging Galleon/TiVo traffic.
Ethereal has great developer documentation. It was easy to find and got me coding right away with a skeleton dissector. I just love the projects with these kind of to-the-point examples. The only thing I felt was missing from their README.developer was something showing that the dissector routine could return gboolean, letting a dissector reject being attached to a given packet.
There were other clearly written dissectors that I used for reference: DNS, Yahoo, and Syslog. They seemed to answer most of the more subtle questions I had about rewriting column text, scanning the packet, and dealing with other special cases.
Hopefully the patch will get accepted. I even did the randomized testing the wiki recommended. :)
© 2006, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.