Wireshark mailing list archives

Re: Use of wireshark to interpret input data that does not depend on any other existing protocols


From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 21 Apr 2011 09:18:53 -0400

Martin Kaiser wrote:
> Thus wrote Mrunal Upadhyay (m.upadhyay () sta samsung com):
> 
> > 1. I have written the protocol dissector for my unique protocol. But
> > how do I differentiate the input packets in .pcap file so that only my
> > protocol dissector gets called to process the data? And how can I add
> > uniqueness to the input data stream to customize it to my protocol? Is
> > the protocol identified by means of some common pattern in the input
> > stream of bytes? If that is the case, how can I do that?
> 
> you have a data link type (DLT) in the .pcap file
> (http://www.tcpdump.org/linktypes.html)
> In wireshark, you map this DLT value to a WTAP_xxx value in
> pcap_to_wtap_map[].

This requires getting a DLT value assigned by the folks at tcpdump.org.

If you're just experimenting or only going to be using your dissector yourself, then you might also consider using one of the "user" DLT values:

http://wiki.wireshark.org/HowToDissectAnything
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
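The following is an added example, not part of the original thread or of Wireshark's own code. It shows the practical side of Jeff's suggestion: writing a classic pcap file whose global-header link type is one of the 16 "user" values (LINKTYPE_USER0 = 147 through LINKTYPE_USER15 = 162, reserved for private use, so no assignment from tcpdump.org is needed), and reading the link type back so you can confirm what Wireshark will see before mapping it to your dissector. The "MyProto" frames embedded below are constructed sample data for an imaginary protocol (message type, length, payload), not a real format.

```python
"""Write and read a classic pcap file that carries a private protocol
under a "user" link type, so Wireshark can be told which dissector to
call for it (Edit > Preferences > Protocols > DLT_USER).

Added example for the wireshark-dev thread above; the frame layout of
"MyProto" is made up for illustration.
"""
import struct

# Reserved-for-private-use link types from tcpdump.org/linktypes.html
LINKTYPE_USER0 = 147
LINKTYPE_USER15 = 162

# Classic (libpcap) file format constants
PCAP_MAGIC_USEC = 0xA1B2C3D4       # microsecond timestamps, writer's byte order
PCAP_MAGIC_USEC_SWAPPED = 0xD4C3B2A1  # same magic read with the other byte order
GLOBAL_HEADER_FMT = "IHHiIII"      # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER_FMT = "IIII"         # ts_sec, ts_usec, incl_len, orig_len


def user_linktype(n):
    """Return LINKTYPE_USERn for n in 0..15, the values a private dissector may use."""
    if not 0 <= n <= 15:
        raise ValueError("only 16 user link types exist (USER0..USER15)")
    return LINKTYPE_USER0 + n


def is_user_linktype(linktype):
    """True if the link type is in the private-use range, i.e. needs a DLT_USER mapping."""
    return LINKTYPE_USER0 <= linktype <= LINKTYPE_USER15


def build_pcap(linktype, records, snaplen=65535, byteorder="<"):
    """Serialize (ts_sec, ts_usec, frame_bytes) records into a classic pcap image.

    byteorder is "<" (little-endian) or ">" (big-endian); pcap readers
    accept either and detect it from the magic number.
    """
    out = bytearray(struct.pack(byteorder + GLOBAL_HEADER_FMT,
                                PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in records:
        if len(frame) > snaplen:
            raise ValueError("frame longer than snaplen; would be truncated")
        out += struct.pack(byteorder + RECORD_HEADER_FMT,
                           ts_sec, ts_usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def parse_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, frame_bytes), ...]) from a pcap image.

    Rejects non-pcap input and truncated records instead of silently
    returning partial frames.
    """
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_USEC:
        byteorder = "<"
    elif magic == PCAP_MAGIC_USEC_SWAPPED:
        byteorder = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic 0x%08x)" % magic)
    _, _, _, _, _, _, linktype = struct.unpack_from(byteorder + GLOBAL_HEADER_FMT, data, 0)

    records = []
    offset = 24
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(
            byteorder + RECORD_HEADER_FMT, data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated frame data at offset %d" % offset)
        offset += incl_len
        records.append((ts_sec, ts_usec, frame))
    return linktype, records


def myproto_frame(msg_type, payload):
    """Constructed 'MyProto' frame: 1-byte type, 2-byte big-endian length, payload."""
    return struct.pack(">BH", msg_type, len(payload)) + payload


# Constructed sample capture: two MyProto frames with fake timestamps.
SAMPLE_RECORDS = [
    (1303391933, 100, myproto_frame(1, b"HELLO")),
    (1303391933, 250, myproto_frame(2, b"\x00\x01\x02\x03")),
]

if __name__ == "__main__":
    image = build_pcap(user_linktype(0), SAMPLE_RECORDS)
    with open("myproto.pcap", "wb") as f:
        f.write(image)
    lt, recs = parse_pcap(image)
    print("linktype=%d user=%s frames=%d" % (lt, is_user_linktype(lt), len(recs)))
```

Open the resulting file in Wireshark and the frames show up under the "DLT_USER" encapsulation with no payload dissection. In Edit > Preferences > Protocols > DLT_USER, add an Encapsulations Table entry for "User 0 (DLT=147)" whose payload protocol is your dissector's filter name; from then on every frame in a USER0 capture is handed to that dissector, which is exactly the "only my dissector gets called" behaviour the original question asked for. Pick a different USERn value for each private protocol so captures from several experiments do not collide.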