Re: Dissecting packets via wtap file

[Guy Harris <guy () alum mit edu>]

On Feb 18, 2010, at 10:29 PM, Sajit Nayak wrote:

> I have my own file format. Now using the “open”, “read” and “seek and read” of wtap, can I decode the whole file.

What types of packets do you have in your file format?

If they're packets for a link-layer protocol that Wireshark already understands, then you just need to have Wiretap 
return the right WTAP_ENCAP_ value for that protocol.  For example, if they're Ethernet packets, use 
WTAP_ENCAP_ETHERNET.

If they're packets for a link-layer protocol that Wireshark *doesn't* already understand, you would need to:

        add a new WTAP_ENCAP_ value for that protocol;

        write a new dissector for that protocol, and have it register itself in the "wtap_encap" dissector table with 
the new WTAP_ENCAP_ value;

        possibly write dissectors for the protocols that run atop that protocol, if there are any and Wireshark doesn't 
already have dissectors for them (if there are some, and Wireshark *does* have dissectors for them, you would have to 
arrange that your dissector can call them).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe