Wireshark mailing list archives
Re: Dissecting packets via wtap file
From: Guy Harris <guy () alum mit edu>
Date: Fri, 19 Feb 2010 11:21:42 -0800
On Feb 18, 2010, at 10:29 PM, Sajit Nayak wrote:
I have my own file format. Now using the “open”, “read” and “seek and read” of wtap, can I decode the whole file?
What types of packets do you have in your file format?

If they're packets for a link-layer protocol that Wireshark already understands, then you just need to have Wiretap return the right WTAP_ENCAP_ value for that protocol. For example, if they're Ethernet packets, use WTAP_ENCAP_ETHERNET.

If they're packets for a link-layer protocol that Wireshark *doesn't* already understand, you would need to:

    add a new WTAP_ENCAP_ value for that protocol;

    write a new dissector for that protocol, and have it register itself in the "wtap_encap" dissector table with the new WTAP_ENCAP_ value;

    possibly write dissectors for the protocols that run atop that protocol, if there are any and Wireshark doesn't already have dissectors for them (if there are some, and Wireshark *does* have dissectors for them, you would have to arrange that your dissector can call them).
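Added example, not part of the original message and not Wireshark project code: a Lua dissector that registers in the "wtap_encap" table and hands its payload to an existing dissector. The protocol name "mylink", its 4-byte header layout and the payload type 0x01 are hypothetical. It also assumes the file reader returns the reserved WTAP_ENCAP_USER0 value (wtap_encaps.USER0 in Lua) rather than a newly added WTAP_ENCAP_ value.

```lua
-- Hypothetical link layer "MyLink"; names and header layout are assumptions.
-- Header: 1 byte version, 1 byte payload type, 2 bytes big-endian payload length.
local mylink = Proto("mylink", "MyLink (hypothetical link layer)")

local f_version = ProtoField.uint8("mylink.version", "Version", base.DEC)
local f_ptype   = ProtoField.uint8("mylink.ptype", "Payload type", base.HEX)
local f_length  = ProtoField.uint16("mylink.length", "Payload length", base.DEC)
mylink.fields = { f_version, f_ptype, f_length }

local HDR_LEN = 4
-- Dissectors Wireshark already has; looked up once at load time.
local ip_dissector   = Dissector.get("ip")
local data_dissector = Dissector.get("data")

function mylink.dissector(tvb, pinfo, tree)
    -- A frame shorter than the fixed header cannot be parsed: reject it.
    if tvb:len() < HDR_LEN then return 0 end

    pinfo.cols.protocol = "MYLINK"
    local subtree = tree:add(mylink, tvb(0, HDR_LEN))
    subtree:add(f_version, tvb(0, 1))
    subtree:add(f_ptype, tvb(1, 1))
    subtree:add(f_length, tvb(2, 2))

    local ptype     = tvb(1, 1):uint()
    local declared  = tvb(2, 2):uint()
    local available = tvb:len() - HDR_LEN

    -- Never trust the length field from the file: clamp it to the captured data.
    if declared > available then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
                                "Declared length exceeds captured data")
        declared = available
    end
    if declared == 0 then return HDR_LEN end

    -- Call the dissector for the protocol that runs atop this one.
    local payload = tvb(HDR_LEN, declared):tvb()
    if ptype == 0x01 then
        ip_dissector:call(payload, pinfo, tree)
    else
        data_dissector:call(payload, pinfo, tree)
    end
    return HDR_LEN + declared
end

-- Register in the "wtap_encap" table under the encapsulation the file reader returns.
DissectorTable.get("wtap_encap"):add(wtap_encaps.USER0, mylink)
```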