How to add a dissector below USB/FTDI?
I want to write a dissector for a serial protocol but modern PCs use USB/FTDI serial converters. The data appears "in" the FTDI messages broken out by existing Wireshark dissectors so could someone point me at an example of how to register a dissector such that it happens below the existing USB/FTDI dissector?
Comments
Do you have a sample capture or is there one here (11743: Add FTDI USB dissector) for discussion?
Is the data always in the same FTDI field (Display Filter Reference: FTDI FT USB)?
Are you open to trying Lua? (05: Extending Wireshark with Lua | Learn Wireshark @ SF22US)
If the data appears in the FTDI message, then the dissector would be above the FTDI dissector. Why do you want it below the FTDI dissector?
Guy, I've never written a Wireshark dissector so perhaps my terminology is wrong. I had assumed that that FTDI dissector would pass "down" to my dissector which would then parse the FTDI representation. Chuckc, I can get a sample tonight. The data I want to interpret appear as "TX Transmit/RX Transmit" in the FTDI messages that cover the actual transmission and receipt of data. I could try LUA, it's not a language I've used before but I have work colleagues who have used it in the past (I'm a software engineer but this is part of a fun "at home" project)
Got a capture - now how to I attached it to this question? I will attached a single dissected frame below (sorry the comment mangles the formatting!). I care about the last byte (0x7f) that is the TX (or RX) payload. These are what form the protocol I care about.
(more)Please put it on a public file share (Google, Onedrive, Dropbox, ...) and update the question with a link to it.