Hi everyone,
I am currently working on modifying the wiretap modules for EyeSDN
traces to use WTAP_ENCAP_PER_PACKET, which is working nicely
(Q.931/DSS1, SS7/MTP2, PPP, X.25 and ATM support on the way for these
traces).
However, there is one thing I can not match to the ENCAP types at the
moment (maybe because I am too stupid to find this). In these traces
there are layer 1 messages like "Frame Synchronisation Lost", "Alarm
Indicator", "G.704 Lock" etc.
These messages are put in the trace file as plain text. And these frames
are marked as Layer 1 message frames to distuingish them from the actual
captured data. So far I just skip these frames...
What I would like to do is mark these frames as "WTAP_ENCAP_PLAIN_TEXT"
or similar and just let wireshark print the frame contents as ASCII to
the decoder window and at the left (protocol) side of the frame list.
Is there already a dissector which does this? If so, which ENCAP type
would I need to specify for these frames.
If not, is it ok if I add such a WTAP_ENCAP_* type and the dissector for
doing this? Would such a patch be accepted?
Kind regards,
Rolf
