Re: network type # of new plugin

[suraj <surajtaurus () gmail com>]

Guy Harris <guy@...> writes:

> On Jun 10, 2011, at 10:40 AM, suraj wrote:
>
> > I will not be checking in this. Require it for some local purpose. Analysing 
> > some Trace Dump. I though I would give some value since i'm using it 
locally. 
> > Wanted to know where do I include the chage(add the ID) in the wireshark 
> > sourcecode)?
>
> If you're only going to be using it locally, then, as the link-layer header 
types page says:
>       Values in the range 147 through 162 are reserved for private use; if you 
have some link-layer header type
> that you want to use within your organization, with the capture files using 
that link-layer header type
> not ever be sent outside your organization, you can use one or more these 
values. No libpcap release will
> use these for any purpose, nor will any tcpdump release use them, either.
>
>       Do NOT use these in capture files that you expect anybody not using your 
private versions of
> capture-file-reading tools to read; in particular, do NOTuse them in products, 
otherwise you may find
> that people won't be able to use tcpdump, or snort, or Wireshark, or... to 
read capture files from your
> firewall/intrusion detection/traffic monitoring/etc. appliance, or whatever 
product uses that
> link-layer header type value, and you may also find that the developers of 
those applications will not
> accept patches to let them read those files.
>
>       Also, do not use them if somebody might send you a capture using them 
for their private type and tools using
> them for your private type would have to read them.
>
> so you can put the packets into a pcap or pcap-NG file with a link-layer 
type/interface link-layer type in
> the range 147 (LINKTYPE_USER0) through 162 (LINKTYPE_USER15).
>
> Then, if you've picked LINKTYPE_USERn (n = {the value you chose} - 147), you'd 
have to have your dissector
> register itself with a name, and edit the preferences for the DLT_USER 
protocol and add an entry mapping
> DLT_USERn to your dissector.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@...?subject=unsubscribe


Cool. sounds great. Thanks a lot. So guess the mappings and stuff will be added 
in wiretap directory?


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe