Re: rs232 dissection?

[Guy Harris <guy () alum mit edu>]

On Feb 10, 2012, at 1:10 PM, Guy Harris wrote:

> As for the file format, you could:
>
>       use one of the USERn link-layer type values in a pcap or pcap-NG file, and set up your dissector to handle that 
> USERn type;
>
>       get a link-layer header type value officially assigned, by sending a request to tcpdump-workers () lists 
> tcpdump org (and supplying a description of the packet format or a link to that specification), use it in a pcap or 
> pcap-NG file, add a WTAP_ENCAP_ value for your packets, and modify Wireshark to map that link-layer header type value 
> to the WTAP_ENCAP_ value, and have your dissector register for that WTAP_ENCAP_ value;
>
>       use your own file format, add a WTAP_ENCAP_ value for your packets, add code to read that file format using 
> that WTAP_ENCAP_ value,  and modify Wireshark to map that link-layer header type value to the WTAP_ENCAP_ value, and 
> have your dissector register for that WTAP_ENCAP_ value.

        ...

> I'd recommend the first or second - the first if you're only using it yourself, the second if you want to exchange 
> captures with other people.

The one reason to go for the third option would be if you've already created the new file format and are writing files 
out in that format.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe