Wireshark mailing list archives

Re: network type # of new plugin


From: Guy Harris <guy () alum mit edu>
Date: Fri, 10 Jun 2011 10:54:14 -0700


On Jun 10, 2011, at 10:40 AM, suraj wrote:

I will not be checking in this. Require it for some local purpose. Analysing 
some Trace Dump. I thought I would give some value since I'm using it locally. 
Wanted to know where do I include the change (add the ID) in the Wireshark 
source code?

If you're only going to be using it locally, then, as the link-layer header types page says:

        Values in the range 147 through 162 are reserved for private use; if you have some link-layer header type that you want to use within your organization, with the capture files using that link-layer header type not ever being sent outside your organization, you can use one or more of these values. No libpcap release will use these for any purpose, nor will any tcpdump release use them, either.

        Do NOT use these in capture files that you expect anybody not using your private versions of capture-file-reading tools to read; in particular, do NOT use them in products, otherwise you may find that people won't be able to use tcpdump, or snort, or Wireshark, or... to read capture files from your firewall/intrusion detection/traffic monitoring/etc. appliance, or whatever product uses that link-layer header type value, and you may also find that the developers of those applications will not accept patches to let them read those files.

        Also, do not use them if somebody might send you a capture using them for their private type and tools using them for your private type would have to read them.

so you can put the packets into a pcap or pcap-NG file with a link-layer type/interface link-layer type in the range 
147 (LINKTYPE_USER0) through 162 (LINKTYPE_USER15).

Then, if you've picked LINKTYPE_USERn (n = {the value you chose} - 147), you'd have to have your dissector register 
itself with a name, and edit the preferences for the DLT_USER protocol and add an entry mapping DLT_USERn to your 
dissector.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
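
Added example (not part of the original message, and not Wireshark or libpcap code): writing frames into a classic pcap file whose global header carries a private-use link-layer type, and checking on read whether a file's link type falls in the 147-162 range described above. The function names and the sample frames are constructed for illustration; the header layout is the standard classic pcap format.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_USER0 = 147      # start of the private-use range
LINKTYPE_USER15 = 162     # end of the private-use range


def user_linktype(n):
    """Map n (0..15) to LINKTYPE_USERn, i.e. 147 + n."""
    if not 0 <= n <= 15:
        raise ValueError("private-use range is USER0..USER15")
    return LINKTYPE_USER0 + n


def write_pcap(stream, linktype, frames, snaplen=65535):
    """Write (ts_sec, ts_usec, data) frames as a little-endian classic pcap."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    stream.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, data in frames:
        captured = data[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length
        stream.write(struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(data)))
        stream.write(captured)


def read_linktype(stream):
    """Return (linktype, is_private_use) from a classic pcap global header."""
    header = stream.read(24)
    if len(header) != 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:   # same magic, file written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    return linktype, LINKTYPE_USER0 <= linktype <= LINKTYPE_USER15


def demo():
    # Constructed sample frames in a made-up private format (not real traffic).
    frames = [(1307728454, 0, b"\x01\x00hello"), (1307728455, 500, b"\x02\x00world")]
    buf = io.BytesIO()
    write_pcap(buf, user_linktype(0), frames)
    buf.seek(0)
    return buf.getvalue(), read_linktype(buf)
```

A tool that ingests capture files from outside the organization can use the second return value of read_linktype to flag files whose link type only has meaning to the sender's private tools.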

