Wireshark-dev: Re: [Wireshark-dev] encapsulation type for layer 1 messages (strings)

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Thu, 3 Apr 2008 19:39:27 +0200

I think that's the way

you just need to add  WTAP_ENCAP_PLAIN_TEXT to  wtap.h
and have  proto_reg_handoff_text_lines() add  text_lines_handle to
wtap.encap table


On Thu, Apr 3, 2008 at 4:29 PM, Rolf Fiedler <rolf.fiedler@xxxxxxxxxxxxx> wrote:
> Hi everyone,
>
>  I am currently working on modifying the wiretap modules for EyeSDN
>  traces to use WTAP_ENCAP_PER_PACKET, which is working nicely
>  (Q.931/DSS1, SS7/MTP2, PPP, X.25 and ATM support on the way for these
>  traces).
>
>  However, there is one thing I can not match to the ENCAP types at the
>  moment (maybe because I am too stupid to find this). In these traces
>  there are layer 1 messages like "Frame Synchronisation Lost", "Alarm
>  Indicator", "G.704 Lock" etc.
>  These messages are put in the trace file as plain text. And these frames
>  are marked as Layer 1 message frames to distuingish them from the actual
>  captured data. So far I just skip these frames...
>
>  What I would like to do is mark these frames as "WTAP_ENCAP_PLAIN_TEXT"
>  or similar and just let wireshark print the frame contents as ASCII to
>  the decoder window and at the left (protocol) side of the frame list.
>
>  Is there already a dissector which does this? If so, which ENCAP type
>  would I need to specify for these frames.
>
>  If not, is it ok if I add such a WTAP_ENCAP_* type and the dissector for
>  doing this? Would such a patch be accepted?
>
>  Kind regards,
>  Rolf
>  _______________________________________________
>  Wireshark-dev mailing list
>  Wireshark-dev@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan