Wireshark-dev: [Wireshark-dev] Understanding a file format with no underlying protocol informat
From: "Priyanka Kamath" <[email protected]>
Date: Mon, 24 Jul 2006 15:48:09 +0530
Hi All,
I have a capture file which I am interested in showing on the Wireshark GUI. My capture file has info about only *one* protocol (proprietary) and no other protocol. I am planning to write a dissector for my file. I am confused as to how Ethereal will call my dissector. My file has no data link information which Ethereal may understand. Do I have to assign a DLT_ value for my protocol?
According to my understanding, I need to do the following so that Wireshark understands my file format:
1. Assign a DLT_ value to it.
2. Write a parser which will convert it into pcap format (something similar to text2pcap)
3. Write a dissector and register it with the wtap_encap table by calling dissector_add()
Please do correct me if I am wrong. This is really really important. I have searched a lot on the net and found information about writing dissectors etc. I just want to know if I am on the right track.
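
An added example, not part of the original post and not Wireshark code: a converter for steps 1 and 2 of the list above, wrapping each proprietary record in a classic pcap file whose link type is the private-use value DLT_USER0 (147). The input layout (4-byte big-endian timestamp, 2-byte big-endian length, payload) and every function name are assumptions made for illustration.

```python
import io
import struct

LINKTYPE_USER0 = 147      # first private-use link type (DLT_USER0..DLT_USER15 = 147..162)
PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
SNAPLEN = 65535


def read_records(raw):
    """Yield (timestamp, payload) from the ASSUMED proprietary layout:
    4-byte big-endian seconds, 2-byte big-endian length, then the payload."""
    off = 0
    while off < len(raw):
        if len(raw) - off < 6:
            raise ValueError("truncated record header at offset %d" % off)
        ts, length = struct.unpack_from(">IH", raw, off)
        off += 6
        if len(raw) - off < length:
            raise ValueError("truncated payload at offset %d" % off)
        yield ts, raw[off:off + length]
        off += length


def to_pcap(raw, linktype=LINKTYPE_USER0):
    """Return pcap bytes holding one packet per proprietary record."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    for ts, payload in read_records(raw):
        captured = payload[:SNAPLEN]
        # Per-packet header: ts_sec, ts_usec, captured length, original length.
        out.write(struct.pack("<IIII", ts, 0, len(captured), len(payload)))
        out.write(captured)
    return out.getvalue()


# Constructed sample input: two records in the assumed layout.
SAMPLE = (struct.pack(">IH", 1153736289, 3) + b"\x01\x02\x03" +
          struct.pack(">IH", 1153736290, 2) + b"\xaa\xbb")

if __name__ == "__main__":
    with open("proprietary.pcap", "wb") as fh:
        fh.write(to_pcap(SAMPLE))
```

Because the file carries no link-layer framing, the link type in the global header is the only thing that tells the reader which dissector to hand each packet to.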