Wireshark mailing list archives
Re: Feeding the 802.15.4 Dissector
From: Tomasz Moń <desowin () gmail com>
Date: Wed, 31 Jul 2013 07:35:30 +0200
On Tue, Jul 30, 2013 at 3:49 PM, Rui Pedro Caldeira <rpcaldeira () outlook com> wrote:
Hello, I'm using Wireshark to read from a pipe and i'm using the native IEEE 802.15.4 dissector, but I'm having trouble feeding Wireshark the proper bytes. I've tried to search but I can't find the right sequence of bytes the dissector is waiting for. Can anyone help me? Thanks in advance.
Not sure if that's exactly what you are asking for, but: 802.15.4 dissector does following in proto_reg_handoff_ieee802154: dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4, ieee802154_handle); dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NONASK_PHY, ieee802154_nonask_phy_handle); dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NOFCS, ieee802154_nofcs_handle); dissector_add_uint("sll.ltype", LINUX_SLL_P_IEEE802154, ieee802154_handle); If you look into wiretap/pcap-common.c you will find that following linktypes are assigned for the WTAP_ENCAP_ defines: /* IEEE 802.15.4 Wireless PAN */ { 195, WTAP_ENCAP_IEEE802_15_4 }, ... /* IEEE 802.15.4 Wireless PAN non-ASK PHY */ { 215, WTAP_ENCAP_IEEE802_15_4_NONASK_PHY }, ... /* IEEE 802.15.4 Wireless PAN no fcs */ { 230, WTAP_ENCAP_IEEE802_15_4_NOFCS }, Now, get over to the tcpdump linktypes [1] and check the descriptions for 195, 215, 230. Choose the one that is closest match to your data and then set that number as linktype in pcap header. [1] http://www.tcpdump.org/linktypes.html ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Feeding the 802.15.4 Dissector Rui Pedro Caldeira (Jul 30)
- Re: Feeding the 802.15.4 Dissector Tomasz Moń (Jul 30)
- Re: Feeding the 802.15.4 Dissector Rui Pedro Caldeira (Jul 31)
- Re: Feeding the 802.15.4 Dissector Guy Harris (Jul 31)
- Re: Feeding the 802.15.4 Dissector Rui Pedro Caldeira (Jul 31)
- Re: Feeding the 802.15.4 Dissector Rui Pedro Caldeira (Jul 31)
- Re: Feeding the 802.15.4 Dissector Rui Pedro Caldeira (Jul 31)
- Re: Feeding the 802.15.4 Dissector Tomasz Moń (Jul 30)