Wireshark mailing list archives

Re: Use of wireshark to interpret input data that does not depend on any other existing protocols


From: Martin Kaiser <lists () kaiser cx>
Date: Thu, 21 Apr 2011 09:54:28 +0200

Thus wrote Mrunal Upadhyay (m.upadhyay () sta samsung com):

1. I have written the protocol dissector for my unique protocol. But
how do I differentiate the input packets in .pcap file so that only my
protocol dissector gets called to process the data? And how can I add
uniqueness to the input data stream to customize it to my protocol? Is
the protocol identified by means of some common pattern in the input
stream of bytes? If that is the case, how can I do that?

You have a data link type (DLT) in the .pcap file
(http://www.tcpdump.org/linktypes.html).
In Wireshark, you map this DLT value to a WTAP_xxx value in
pcap_to_wtap_map[].

In your dissector, you call dissector_add_uint() to register your
dissector for your WTAP_xxx. And you should check all incoming data to
make sure that it's actually your protocol.

You can take the DVB-CI dissector (and many others) as an example.
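
The two checks described in the reply above, as an added stand-alone example that is not part of the original post and does not use Wireshark's own code or API: reading the link type from the 24-byte pcap file header, and validating incoming bytes before treating them as your protocol. The frame layout ('M', 'P', version 1, 16-bit length) and the function names are hypothetical; link type 147 is the first private-use value on the tcpdump.org list.

```c
#include <stddef.h>
#include <stdint.h>

#define LINKTYPE_USER0 147u /* first private-use value on the tcpdump.org linktypes list */

/* Constructed sample: little-endian pcap global header, link type 147. */
static const uint8_t SAMPLE_HDR[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0,
    0, 0, 0, 0, 0xff, 0xff, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00 };
/* Constructed sample frame in the hypothetical layout checked below. */
static const uint8_t SAMPLE_FRAME[8] = { 'M', 'P', 1, 0x00, 0x03, 0xaa, 0xbb, 0xcc };

/* Read 32 bits in the byte order the capture file was written in. */
static uint32_t rd32(const uint8_t *p, int big_endian) {
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Return the link type from a pcap global header, or -1 if the buffer is
 * too short or the magic number is not a known pcap magic. */
long pcap_linktype(const uint8_t *hdr, size_t len) {
    int big;
    uint32_t magic;
    if (len < 24) return -1;
    magic = rd32(hdr, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du) big = 1;      /* usec / nsec */
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) big = 0; /* byte-swapped */
    else return -1;
    return (long)(rd32(hdr + 20, big) & 0xFFFFu); /* low 16 bits hold the link type */
}

/* Hypothetical layout: 'M','P', version 1, big-endian body length, body.
 * Reject anything that is short, mis-tagged, or whose length field lies. */
int looks_like_myproto(const uint8_t *d, size_t len) {
    size_t body;
    if (len < 5) return 0;
    if (d[0] != 'M' || d[1] != 'P' || d[2] != 1) return 0;
    body = ((size_t)d[3] << 8) | d[4];
    return body == len - 5;
}

int main(void) {
    int ok = pcap_linktype(SAMPLE_HDR, sizeof SAMPLE_HDR) == (long)LINKTYPE_USER0
          && looks_like_myproto(SAMPLE_FRAME, sizeof SAMPLE_FRAME);
    return ok ? 0 : 1;
}
```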