Wireshark mailing list archives
Re: Use of wireshark to interpret input data that does not depend on any other existing protocols
From: Martin Kaiser <lists () kaiser cx>
Date: Thu, 21 Apr 2011 09:54:28 +0200
Thus wrote Mrunal Upadhyay (m.upadhyay () sta samsung com):
1. I have written the protocol dissector for my unique protocol. But how do I differentiate the input packets in .pcap file so that only my protocol dissector gets called to process the data? And how can I add uniqueness to the input data stream to customize it to my protocol? Is the protocol identified by means of some common pattern in the input stream of bytes? If that is the case, how can I do that?
You have a data link type (DLT) in the .pcap file (http://www.tcpdump.org/linktypes.html). In Wireshark, you map this DLT value to a WTAP_xxx value in pcap_to_wtap_map[]. In your dissector, you call dissector_add_uint() to register your dissector for your WTAP_xxx. And you should check all incoming data to make sure that it's actually your protocol. You can take the DVB-CI dissector (and many others) as an example.
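The dispatch described in the reply, modelled in Python as an added example that is not part of the original message and is not Wireshark code: the link type is read from the pcap global header, looked up in a table, and the selected dissector validates each frame before accepting it. The `MP` frame layout, `dissect_myproto`, `DISSECTORS` and the sample capture are hypothetical; 147 is LINKTYPE_USER0, one of the values reserved for private use.

```python
import struct

LINKTYPE_USER0 = 147                 # reserved for private use in the link-type list
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}    # classic pcap magic: microsecond / nanosecond

def dissect_myproto(payload):
    """Hypothetical protocol: b'MP', 1-byte version, 1-byte body length, body."""
    if len(payload) < 4 or payload[:2] != b"MP":
        return None                  # not ours: reject instead of guessing
    version, length = payload[2], payload[3]
    if version != 1 or length != len(payload) - 4:
        return None                  # length field must match the data present
    return {"version": version, "body": payload[4:]}

# Stands in for the DLT -> WTAP_xxx -> dissector registration (assumed name).
DISSECTORS = {LINKTYPE_USER0: dissect_myproto}

def read_pcap(data):
    """Return (linktype, [frame bytes]) from a classic pcap file held in memory."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):        # the magic number reveals the writer's byte order
        fields = struct.unpack(endian + "IHHiIII", data[:24])
        if fields[0] in MAGICS:
            break
    else:
        raise ValueError("not a pcap file")
    snaplen, linktype = fields[5], fields[6]
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        frames.append(data[off:off + incl_len])
        off += incl_len
    return linktype, frames

def dissect_file(data):
    linktype, frames = read_pcap(data)
    dissector = DISSECTORS.get(linktype)
    if dissector is None:
        raise ValueError(f"no dissector registered for link type {linktype}")
    return [dissector(f) for f in frames]

def build_sample(endian="<", linktype=LINKTYPE_USER0):
    """Constructed capture: one valid frame, one whose length byte lies."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in (b"MP\x01\x03abc", b"MP\x01\x09abc"):
        out += struct.pack(endian + "IIII", 0, 0, len(f), len(f)) + f
    return out
```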