Re: data link type option in wireshark

[Guy Harris <guy () alum mit edu>]

On Aug 17, 2010, at 11:28 PM, upendra.allu () wipro com wrote:

> I have a query on data link type option in Wireshark.
> While decoding packets in Wireshark, we have an option to select the data link type (ex. Ethernet) for decoding the 
> plug-ins.

To what option are you referring?  The "Decode As" option from the "Analyze" menu, which lets you select, for a given 
Ethernet type, a protocol (regardless of whether the protocol's dissector is a plugin or a built-in) to use as the 
protocol for that Ethernet type?

> Now my question is, is it possible to decode the protocols directly without data link?

If you mean "I have a plugin for Ethernet type XXXX, can I make it the official protocol for Ethernet type XXXX, so 
that I don't have to use 'Decode As' to make Wireshark dissect packets of Ethernet type XXXX with my plugin", the 
answer is "yes" - you just have to have the handoff-registration routine in your plugin do

        dissector_add("ethertype", XXXX, my_dissector_handle);

XXXX here would probably be a hex number, for example 0x8048 if the Ethernet type for your protocol is hex 8048.

(If that's not what you mean, you'll have to explain what you mean.)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe