Wireshark-dev: Re: [Wireshark-dev] HELP! - text file in GUI
From: "Gilbert Ramirez" <[email protected]>
Date: Tue, 1 Aug 2006 13:33:56 -0700
Yes, you could treat any arbitrary piece of data as "packet" data and
have a dissector put it into the wireshark GUI.

Where the fake protocol should go in the protocol stack is entirely up to you.

You could make it a "link layer", and have wiretap understand it as
its own special file format, and to pass it as a new link layer to
wireshark.

Or, as you suggset, you could put some fake headers before the data
and have wireshark pass it as a regular pcap file.

In either case, you will need to write a new dissector to handle your
fake protocol.

--gilbert

On 8/1/06, Priyanka Kamath <[email protected]> wrote:
Hi All,

I am planning to display a text file which contains some relevant
information in the Wireshark GUI.
My text file contains parameters as below:

Mobile Number
Source
Destination
Time
Event Type

I am trying to convert this to the pcap format by adding the pcap headers,
record headers and dummy Ethernet, IP and UDP headers in front of the text
content. Is this possible?
Also, if i write a dissector to read the text fields, will it get displayed
correctly in the GUI?

Thanks a lot!

--
Regards,
Priyanka
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev