Wireshark mailing list archives
Re: Feeding the 802.15.4 Dissector
From: Guy Harris <guy () alum mit edu>
Date: Wed, 31 Jul 2013 03:17:26 -0700
On Jul 31, 2013, at 2:46 AM, Rui Pedro Caldeira <rpcaldeira () outlook com> wrote:
> Hey Tomasz, thanks for the answer. But my main question is how to write the bytes into the pipe so that Wireshark recognizes them as IEEE 802.15.4 packets, kinda like a structure that Wireshark is waiting for. I cannot just write the packet into the pipe, Wireshark gives me an error :S
You don't write packets to a pipe on which Wireshark is capturing; you write a byte stream that looks either like a pcap file:

http://www.tcpdump.org/manpages/pcap-savefile.5.html

or looks like a pcap-ng file:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

Those types of file *include* packets, but they include more than just packet data.

So:

If you're writing a pcap file, the *first* thing you have to write is a pcap file header, including a "link-layer header type" value corresponding to the 802.15.4 format you're using (see the LINKTYPE_ values in the tcpdump.org page Tomasz mentioned), and then, for each packet, a pcap per-packet header followed by the raw packet data.

If you're writing a pcap-ng file, the *first* thing you have to write is a Section Header Block:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionshb

followed by an Interface Description Block:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionidb

including a "LinkType" value corresponding to the 802.15.4 format you're using (see the LINKTYPE_ values in the tcpdump.org page Tomasz mentioned), and then, for each packet, an Enhanced Packet Block:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionepb

or, if you don't have time stamps for the packets, a Simple Packet Block:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionpbs

containing the raw packet data.
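The pcap case described in the message above, as an added example that is not part of the thread or of Wireshark's code: a writer that emits the file header and then one per-packet header plus raw frame per packet, and a reader that checks the stream and rejects raw frames sent without that framing. The function names and the two sample frames are constructed for illustration, and link-layer type 230 assumes the frames carry no FCS.

```python
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4            # classic pcap, microsecond timestamps
LINKTYPE_IEEE802_15_4_NOFCS = 230  # 802.15.4 frames without the 2-byte FCS
                                   # (195 = LINKTYPE_IEEE802_15_4_WITHFCS)

# Constructed sample frames (FCS omitted): a beacon request and an ACK.
SAMPLE_FRAMES = [
    (1375265846, 0, bytes.fromhex("0308a5ffffffff07")),
    (1375265846, 250000, bytes.fromhex("02002a")),
]

def pcap_file_header(linktype, snaplen=65535):
    """24 bytes: magic, version 2.4, thiszone, sigfigs, snaplen, link-layer type."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(sec, usec, frame):
    """16-byte per-packet header (ts_sec, ts_usec, incl_len, orig_len) + raw frame."""
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def write_stream(out, frames, linktype=LINKTYPE_IEEE802_15_4_NOFCS):
    """File header first, then one record per frame, flushed so a live reader sees it."""
    out.write(pcap_file_header(linktype))
    for sec, usec, frame in frames:
        out.write(pcap_record(sec, usec, frame))
        out.flush()

def read_stream(data):
    """Parse the stream back; reject a bad magic or a truncated record."""
    if len(data) < 24:
        raise ValueError("missing pcap file header")
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap stream")
    frames, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated per-packet header")
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        if incl > snaplen or off + incl > len(data):
            raise ValueError("bad or truncated packet data")
        frames.append((sec, usec, data[off:off + incl]))
        off += incl
    return linktype, frames

if __name__ == "__main__":
    write_stream(sys.stdout.buffer, SAMPLE_FRAMES)
```

Run as a script, it writes the stream to standard output, which can be piped into `wireshark -k -i -` to have Wireshark read it from standard input.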