Wireshark mailing list archives
Re: How to add a wtap encapsulation?
From: Guy Harris <guy () alum mit edu>
Date: Wed, 13 Oct 2010 10:45:12 -0700
On Oct 12, 2010, at 2:04 PM, Yo Mismo wrote:
I want to add a wtap encapsulation for a new link layer protocol.
A Wiretap encapsulation is useful only if you have a capture file format that uses it. What type of capture file is this? If it's pcap or pcap-ng format, see the replies from Christopher Maynard and Jeff Morris - you'd need a DLT_ value (well, technically, a LINKTYPE_ value, but for all new values, they're the same) for use in the pcap file header or the pcap-ng Interface Description Block, and you could either use one of the "user-defined" values, in which case you'd also use the corresponding "user-defined" WTAP_ENCAP_ value, or you could get a new DLT_ value from tcpdump-workers () tcpdump org, and modify wiretap/pcap-common.c to map that DLT_ value to your new WTAP_ENCAP_ value. If it's some other format, you'd have to modify the Wiretap file for that file format to map a capture using that link-layer protocol to your new WTAP_ENCAP_ value. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How to add a wtap encapsulation? Yo Mismo (Oct 13)
- Re: How to add a wtap encapsulation? Christopher Maynard (Oct 13)
- Re: How to add a wtap encapsulation? Jeff Morriss (Oct 13)
- Re: How to add a wtap encapsulation? Guy Harris (Oct 13)
- <Possible follow-ups>
- Re: How to add a wtap encapsulation? Yo Mismo (Oct 14)
- Re: How to add a wtap encapsulation? Guy Harris (Oct 14)