Wireshark mailing list archives

Use of Wireshark to interpret input data that does not depend on any other existing protocols


From: Mrunal Upadhyay <m.upadhyay () sta samsung com>
Date: Thu, 21 Apr 2011 01:19:34 -0500

Hi All,

I am adding a new protocol to Wireshark that does not rely or depend on any other protocols (tcp, udp, 
ethernet, ppp, etc). I will be thankful if anyone can help me understand the following things:

1. I have written the protocol dissector for my unique protocol. But how do I differentiate the input packets in the .pcap 
file so that only my protocol dissector gets called to process the data? And how can I add uniqueness to the input data 
stream to customize it to my protocol? Is the protocol identified by means of some common pattern in the input stream 
of bytes? If that is the case, how can I do that?

2. What is the difference between the dissector table and the encapsulation table? I have understood how the protocol 
dissector encodes the input data and displays it in a tree based on the formatting defined by the static arrays ett and hf. 
What steps do I need to perform in order to write a protocol dissector that does not depend on any existing protocols 
and customize the input data in the pcap file so that my protocol dissector gets called only when it comes across correct 
input data?

Mrunal
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev