Wireshark-dev: Re: [Wireshark-dev] How do I make use of my dissector.
From: Guy Harris <[email protected]>
Date: Fri, 17 Nov 2006 17:42:47 -0800
On Nov 17, 2006, at 4:42 PM, Neha Chahal wrote:

My capture file just has packets in my protocol format. It does not have udp or tcp packets encapsulating other protocols ( for now ) .
Then you can't use dissector_add("udp.port", ...) to arrange to have  
your dissector called, as the UDP dissector won't be called and won't  
call your dissector through the "udp.port" table.
It is strictly binary stream in the LEA format.
If this is a private format - i.e., if you don't plan to contribute  
this code to the Wireshark code base or give it away - you should  
choose one of the private WTAP_ENCAP_USERn values from wiretap/wtap.h  
(n goes from 0 to 15), and have your Wiretap code return that value  
for files in your file format.
Then you'd have your dissector do

	dissector_add("wtap_encap", WTAP_ENCAP_USERn, ...)

so that it's called for every packet in your file.