Wireshark mailing list archives
WirelessHART/New Protocol DLTs
From: "K. Reid Wightman" <krwightm () gmail com>
Date: Tue, 7 Mar 2017 08:40:51 -0500
Hi all - I'm dusting off a very old research project, to make a useful open WirelessHART capture tool and wireshark dissector. I encountered this old thread: https://www.wireshark.org/lists/wireshark-dev/201107/msg00040.html , wherein Sam Roberts requested a DLT_ value for WIHART, and it was assigned value 223. I grabbed Sam's dissector, changed it slightly to use the new DLT, tossed it into my Wireshark plugins directory, and modified the KillerBee packet capture tool to record a PCAP with the new DLT_ value. However, when I try to open said PCAP with Wireshark, Wireshark tells me that there is no dissector for DLT 223. If I open Wireshark's LUA evaluator and type the following: local wtap_encap = DissectorTable.get("tap_encap") local test = wtap_encap:get_dissector(223) print("testing for wihart: ", test) the console outputs: testing for wihart: WIHART So, it seems that the dissector is at least properly registered. I wonder what else is required to make Wireshark try to apply the dissector to a pcap when loading the file? I put both Sam Robert's dissector and a sample PCAP on github here, if anyone wants to follow along at home: https://github.com/reidmefirst/WirelessHART-Parser I have tried using the LUA dissector on Wireshark 1.12.1 (on a Debian x64 system) as well as 2.2.2 (on a OS X system)...same issue on both systems. Thanks for any tips, Reid ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- WirelessHART/New Protocol DLTs K. Reid Wightman (Mar 07)
- Re: WirelessHART/New Protocol DLTs Peter Wu (Mar 07)