Over Christmas, when I couldn’t tolerate the withdrawal of internet and computer abstinence any longer, I decided to investigate how to write a packet dissector for Wireshark. Wireshark (nee Ethereal) is an open source network protocol analyser with an extensive set of protocol dissectors and a plug-in architecture for writing your own.
Having downloaded and verified a fresh build, I set about looking at tutorials and examples of dissectors. The intention is to capture network traffic arriving at and leaving the iigcd process, currently JDBC and .NET over TCP/IP, and to dissect the packets.
I eventually stumbled on Creating Your Own Custom Wireshark Dissector by Ken Thompson and after a couple of hours had the inklings of a dissector.
The protocol is composed of a network-level envelope around a transport-level packet, which in turn surrounds a Data Access message. The initial dissector will dissect the network and transport layers, but the message dissection was a bit more complicated than time allowed.
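As an added illustration of that layering (this is not code from the original post or from the idamp-dissector-plug-in repository), the Lua dissector below shows the two things a practitioner usually needs to get right in a layered TCP protocol: chaining the envelope dissector into the transport dissector so each layer only sees its own bytes, and letting Wireshark reassemble envelopes that span or share TCP segments while refusing to trust an inner length field beyond what the outer layer actually carried. The byte layout of both headers, the magic value, the port number and the field names are all assumptions made up for the example; the post does not give the real protocol's layout, and the Data Access message is left as opaque bytes, as in the post.

```lua
-- Added example, not the original post's plug-in. Every layout detail here is ASSUMED:
--   network envelope   : magic (2 bytes, 0x4944) | total_length (uint16 BE, includes header)
--   transport packet   : msg_type (uint8) | sequence (uint16 BE) | payload_length (uint16 BE)
--   data access message: opaque payload bytes (not dissected)

local IDAMP_PORT        = 7070    -- assumed port the iigcd process listens on
local ENVELOPE_MAGIC    = 0x4944  -- assumed marker ("ID")
local ENVELOPE_HDR_LEN  = 4
local TRANSPORT_HDR_LEN = 5

-- Network-level envelope
local idamp_env = Proto("idamp_env", "IDAMP Network Envelope (example)")
local f_magic = ProtoField.uint16("idamp_env.magic",  "Magic",        base.HEX)
local f_len   = ProtoField.uint16("idamp_env.length", "Total length", base.DEC)
idamp_env.fields = { f_magic, f_len }
local ef_env_len = ProtoExpert.new("idamp_env.bad_length",
    "Envelope length too short to hold a transport header",
    expert.group.MALFORMED, expert.severity.ERROR)
idamp_env.experts = { ef_env_len }

-- Transport-level packet
local idamp_tp = Proto("idamp_tp", "IDAMP Transport (example)")
local f_type    = ProtoField.uint8 ("idamp_tp.type",           "Message type",   base.DEC)
local f_seq     = ProtoField.uint16("idamp_tp.seq",            "Sequence",       base.DEC)
local f_plen    = ProtoField.uint16("idamp_tp.payload_length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes ("idamp_tp.payload",        "Data Access message")
idamp_tp.fields = { f_type, f_seq, f_plen, f_payload }
local ef_tp_len = ProtoExpert.new("idamp_tp.bad_length",
    "Payload length exceeds the enclosing envelope",
    expert.group.MALFORMED, expert.severity.ERROR)
idamp_tp.experts = { ef_tp_len }

-- Dissects one transport packet; the tvb it receives is exactly the envelope body.
local function dissect_transport(tvb, pinfo, tree)
    if tvb:len() < TRANSPORT_HDR_LEN then return 0 end
    local tp_tree = tree:add(idamp_tp, tvb())
    tp_tree:add(f_type, tvb(0, 1))
    tp_tree:add(f_seq,  tvb(1, 2))
    tp_tree:add(f_plen, tvb(3, 2))
    local plen = tvb(3, 2):uint()
    -- Check the inner length against what the outer layer delivered: a payload
    -- length larger than the envelope body is malformed (or hostile) input.
    if plen > tvb:len() - TRANSPORT_HDR_LEN then
        tp_tree:add_proto_expert_info(ef_tp_len)
        return 0
    end
    tp_tree:add(f_payload, tvb(TRANSPORT_HDR_LEN, plen))
    pinfo.cols.info:append(string.format(" type=%d seq=%d", tvb(0, 1):uint(), tvb(1, 2):uint()))
    return TRANSPORT_HDR_LEN + plen
end
idamp_tp.dissector = dissect_transport   -- also usable via "Decode As"

-- Length callback for dissect_tcp_pdus: size of the envelope starting at offset.
local function envelope_length(tvb, pinfo, offset)
    local total = tvb(offset + 2, 2):uint()
    -- Clamp a bogus length so dissect_envelope still runs and can flag it,
    -- instead of dissect_tcp_pdus failing on a PDU smaller than its own header.
    if total < ENVELOPE_HDR_LEN then return ENVELOPE_HDR_LEN end
    return total
end

-- Called once per complete, reassembled envelope.
local function dissect_envelope(tvb, pinfo, tree)
    pinfo.cols.protocol = "IDAMP"
    pinfo.cols.info = "IDAMP envelope"
    local env_tree = tree:add(idamp_env, tvb())
    env_tree:add(f_magic, tvb(0, 2))
    env_tree:add(f_len,   tvb(2, 2))
    local total = tvb(2, 2):uint()
    if total < ENVELOPE_HDR_LEN + TRANSPORT_HDR_LEN then
        env_tree:add_proto_expert_info(ef_env_len)
        return tvb:len()
    end
    -- Hand the transport layer exactly the envelope body, nothing before or after it.
    local body = tvb(ENVELOPE_HDR_LEN, total - ENVELOPE_HDR_LEN):tvb()
    dissect_transport(body, pinfo, tree)
    return tvb:len()
end

function idamp_env.dissector(tvb, pinfo, tree)
    -- Decline traffic on the port that lacks the marker, so unrelated data on the
    -- same port is not forced through the envelope parser.
    if tvb:len() < 2 or tvb(0, 2):uint() ~= ENVELOPE_MAGIC then return 0 end
    -- Envelopes may span or share TCP segments; let Wireshark reassemble them.
    dissect_tcp_pdus(tvb, tree, ENVELOPE_HDR_LEN, envelope_length, dissect_envelope)
    return tvb:len()
end

DissectorTable.get("tcp.port"):add(IDAMP_PORT, idamp_env)
```

To try it, drop the file into the personal Lua plugins folder (Help > About Wireshark > Folders) or start Wireshark with `-X lua_script:idamp.lua`, then capture on the assumed port; once the real Data Access message layout is known, the opaque `f_payload` field is the place to hang a third dissector in the same way the envelope hands off to the transport layer.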
The code is available from https://bitbucket.org/notnull/idamp-dissector-plug-in/; feel free to contribute.