
Ethereal-dev: Re: [Ethereal-dev] How to decode a message directly

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Mon, 13 Sep 2004 17:00:52 -0400
WangHao wrote:

> Hi,
>  
> I have a question, I am sure you can help me.
>  
> If I have dumped a bitstream of some protocol, say, SCCP which
> does not start with the link protocol header expected by ethereal,
> could I have an approach to tell ethereal to decode it directly?

It is not possible to decode a bitstream of SCCP directly.  However, it
could be possible to write the SCCP data into a file format that
Ethereal understands; see this message for info on how to do this:

http://ethereal.com/lists/ethereal-dev/200409/msg00229.html

In the case of SCCP you're in a bit of luck (at least if you can't use
the WTAP_ENCAP_USER{N} types) because there is already a DLT_ value
(needed for PCAP files) for "raw" SCCP: 142.  It is not currently used,
however, so (at least) these modifications would need to be done:

	- the wiretap library would need to be updated to translate that DLT_
number to a (new) WTAP_ENCAP value
	- the SCCP dissector would need to be modified to register for that
WTAP_ENCAP value

Regards,
-Jeff
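
Added example, not part of the original message or of Ethereal's code: a sketch of writing raw SCCP messages into a classic pcap file whose link type is the DLT_ value 142 mentioned above, with a strict reader to check the result. As the message says, such a file only decodes once wiretap and the SCCP dissector handle that value. The sample bytes, timestamps, function names and output filename are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
DLT_SCCP = 142            # "raw" SCCP DLT_ value named in the message above
SNAPLEN = 65535
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def build_sccp_pcap(messages, link_type=DLT_SCCP):
    """Return pcap bytes; each record is one SCCP message with no link-layer header."""
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, link_type)]
    for ts_sec, ts_usec, payload in messages:
        if not payload:
            raise ValueError("empty SCCP message")
        captured = payload[:SNAPLEN]
        out.append(RECORD_HDR.pack(ts_sec, ts_usec, len(captured), len(payload)))
        out.append(captured)
    return b"".join(out)

def parse_pcap(data):
    """Return (link_type, [payload, ...]); reject truncated or oversized records."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, _maj, _min, _tz, _sig, snaplen, link_type = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    offset, payloads = GLOBAL_HDR.size, []
    while offset < len(data):
        if len(data) - offset < RECORD_HDR.size:
            raise ValueError("truncated record header")
        _sec, _usec, incl_len, _orig = RECORD_HDR.unpack_from(data, offset)
        offset += RECORD_HDR.size
        if incl_len > snaplen or incl_len > len(data) - offset:
            raise ValueError("record length exceeds snaplen or remaining file size")
        payloads.append(data[offset:offset + incl_len])
        offset += incl_len
    return link_type, payloads

# Constructed placeholder bytes standing in for dumped SCCP messages (not a real capture).
SAMPLE_MESSAGES = [
    (1095109252, 0, bytes.fromhex("0901030507")),
    (1095109253, 500000, bytes.fromhex("09000102")),
]

if __name__ == "__main__":
    with open("sccp_raw.pcap", "wb") as f:   # hypothetical output filename
        f.write(build_sccp_pcap(SAMPLE_MESSAGES))
    print(parse_pcap(build_sccp_pcap(SAMPLE_MESSAGES)))
```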