Dissector API

Dissector Class Interface

Methods

Dissector#constructor()

Dissector#analyze(packet,parentLayer)

Properties

Dissector#namespaces

export default class ARPDissector {

  // This namespace property is required.
  // All the packets that contains these namespace patterns 
  // will be passed to the analyze() method.
  static get namespaces() {
    // String or RegExp
    return ['::Ethernet::<ARP>'];
  }

  // An instance can be created/destroyed as needed.
  // You should not expect instance properties to be 
  // held during a session.
  constructor() {

  }

  analyze(packet, parentLayer) {

  }
}

Stream Dissector Class Interface

Methods

StreamDissector#constructor()

StreamDissector#analyze(packet,parentLayer,chunk)

Properties

StreamDissector#namespaces

export default class TCPDissector {

  // Same as Dissector Class
  static get namespaces() {
    return [/::Ethernet::\w+::<TCP>/];
  }

  // An instance will be created for each stream.
  constructor() {

  }

  analyze(packet, parentLayer, chunk) {

  }
}

Namespace

Every Layer has a namespace such as ::Ethernet::IPv4.
It describes the position of the layer in the network protocol stack.

Additionally, it can contain the name of the higher protocol layer (like ::Ethernet::IPv4::<TCP>).

Dripcap uses layer’s namespace to choose dissectors.
If there are no more dissector can handle the namespace, the dissection process will complete.

Examples

::<Ethernet>             Raw Frame contains Ethernet Frame
::Ethernet               Ethernet Frame
::Ethernet::IPv6::UDP    UDP on IPv6 on Ethernet
::Ethernet::IPv4::<TCP>  IPv4 on Ethernet contains TCP Segment

Syntax

namespace    = layer , { layer } | { layer } , higher layer
layer        = “::” , name
higher layer = “::<” , name , “>”
name         = char , { char }
char         = white space and any printable character without ‘:<>’

Range syntax

"2:16" -> 2nd byte through 15th byte
":16"  -> same as "0:16"
"2:"   -> same as `2:${payload.length}`
":"    -> same as `0:${payload.length}`

results matching ""

    No results matching ""