Wireshark mailing list archives

Re: Dissecting packets via wtap file


From: "Sajit Nayak" <sajit.nayak () nethawkgroup com>
Date: Tue, 23 Feb 2010 17:55:13 +0530

Thank you very much for your valuable inputs. Here is my update >>>>

What types of packets do you have in your file format?

The packets can be of ETHERNET, ATM, RAW IP, etc., and the packets are for link
layer types that Wireshark already understands.

I will have a live capture of packets and send those packets continuously to
Wireshark through an IPC mechanism. A magic value is added to the packets.

So can those packets be decoded inside Wireshark using the wtap "open",
"read", and "seek and read"? Do I have to write a new dissector?

Please help.

Thanks & Regards,

Sajit


From: Guy Harris <guy () alum mit edu>
Date: Fri, 19 Feb 2010 11:21:42 -0800

I have my own file format. Now using the "open", "read" and "seek and read"
of wtap, can I decode the whole file?

What types of packets do you have in your file format?

If they're packets for a link-layer protocol that Wireshark already
understands, then you just need to have Wiretap return the right WTAP_ENCAP_
value for that protocol.  For example, if they're Ethernet packets, use
WTAP_ENCAP_ETHERNET.

If they're packets for a link-layer protocol that Wireshark *doesn't*
already understand, you would need to:

        add a new WTAP_ENCAP_ value for that protocol;

        write a new dissector for that protocol, and have it register itself
        in the "wtap_encap" dissector table with the new WTAP_ENCAP_ value;

        possibly write dissectors for the protocols that run atop that
        protocol, if there are any and Wireshark doesn't already have
        dissectors for them (if there are some, and Wireshark *does* have
        dissectors for them, you would have to arrange that your dissector
        can call them).



From: Sajit Nayak [mailto:sajit.nayak () nethawkgroup com] 
Sent: Friday, February 19, 2010 12:00 PM
To: 'wireshark-dev () wireshark org'
Subject: Dissecting packets via wtap file

Hi Sir,

I have my own file format. Now using the "open", "read" and "seek and read"
of wtap, can I decode the whole file?

If yes, please tell me the detailed procedures.

Thanks & Regards,

Sajit

 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
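The three Wiretap entry points discussed in the thread ("open", "read", "seek and read"), modelled as an added stand-alone example that is not Wireshark code and does not use the real wiretap API: a constructed file format with a magic value, an open routine that claims the file only by its magic, a sequential read that records each packet's offset, and a seek-and-read that re-parses a record at a saved offset, each handing back a stand-in encapsulation value where a real module would return a WTAP_ENCAP_ constant. The record layout, link-type codes, magic and sample bytes are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
/* Stand-in codes for this example only; the real WTAP_ENCAP_* values live in wiretap/wtap.h. */
enum { ENCAP_UNKNOWN = -1, ENCAP_ETHERNET = 1, ENCAP_RAW_IP = 7, ENCAP_ATM = 23 };
#define CAP_MAGIC 0xA1B2C3D4u  /* hypothetical magic of the constructed format */
/* Constructed format: 4-byte LE magic, then records of [u8 link type][u16 LE caplen][payload]. */
struct capfile { const uint8_t *buf; size_t len; size_t pos; };
struct rec { int encap; uint16_t caplen; const uint8_t *data; size_t offset; };

/* Translate the file's own link-type code into the encapsulation value Wireshark expects. */
static int map_encap(uint8_t t) {
    switch (t) { case 0: return ENCAP_ETHERNET; case 1: return ENCAP_RAW_IP;
                 case 2: return ENCAP_ATM; default: return ENCAP_UNKNOWN; }
}

/* "open": claim the file only if the magic matches; leave the cursor on the first record. */
int cap_open(struct capfile *f, const uint8_t *buf, size_t len) {
    f->buf = buf; f->len = len; f->pos = 0;
    if (len < 4) return 0;
    uint32_t m = buf[0] | (uint32_t)buf[1] << 8 | (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (m != CAP_MAGIC) return 0;
    f->pos = 4; return 1;
}

/* "seek and read": parse the record at a saved offset, rejecting a header or payload
   that would run past the end of the buffer (the classic capture-file overread). */
int cap_seek_read(const struct capfile *f, size_t off, struct rec *r) {
    if (off > f->len || f->len - off < 3) return 0;
    r->offset = off; r->encap = map_encap(f->buf[off]);
    r->caplen = (uint16_t)(f->buf[off + 1] | f->buf[off + 2] << 8);
    if (f->len - (off + 3) < r->caplen) return 0;
    r->data = f->buf + off + 3; return 1;
}

/* "read": sequential pass; the offset it records is what seek_read is later called with. */
int cap_read(struct capfile *f, struct rec *r) {
    if (f->pos >= f->len || !cap_seek_read(f, f->pos, r)) return 0;  /* EOF or bad record */
    f->pos = r->offset + 3 + r->caplen; return 1;
}

/* Constructed sample: magic, an Ethernet record (2 bytes), a raw-IP record (1 byte), then an
   ATM record whose declared length (5) exceeds the single byte present, so a pass stops at 2. */
const uint8_t sample[] = { 0xD4,0xC3,0xB2,0xA1, 0x00,0x02,0x00,0xAA,0xBB,
                           0x01,0x01,0x00,0xCC, 0x02,0x05,0x00,0xEE };
int count_records(const uint8_t *buf, size_t len) {  /* records one pass accepts; -1 if not ours */
    struct capfile f; struct rec r; int n = 0;
    if (!cap_open(&f, buf, len)) return -1;
    while (cap_read(&f, &r)) n++;
    return n;
}
```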