Wireshark-dev: Re: [Wireshark-dev] How do I make use of my dissector.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 17 Nov 2006 17:42:47 -0800

On Nov 17, 2006, at 4:42 PM, Neha Chahal wrote:

My capture file just has packets in my protocol format. It does not have udp or tcp packets encapsulating other protocols (for now).

Then you can't use dissector_add("udp.port", ...) to arrange to have your dissector called, as the UDP dissector won't be called and won't call your dissector through the "udp.port" table.

It is strictly a binary stream in the LEA format.

If this is a private format - i.e., if you don't plan to contribute this code to the Wireshark code base or give it away - you should choose one of the private WTAP_ENCAP_USERn values from wiretap/wtap.h (n goes from 0 to 15), and have your Wiretap code return that value for files in your file format.

Then you'd have your dissector do

	dissector_add("wtap_encap", WTAP_ENCAP_USERn, ...)

so that it's called for every packet in your file.
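
The dispatch chain described in this message, as an added example that is not part of the original post and is not Wireshark code: a small stand-alone model in which every frame enters through the "wtap_encap" table and "udp.port" is consulted only by the UDP dissector. All function names, encapsulation values and the port number are hypothetical.

```c
/* Added model of table-driven dissector dispatch. Every name and value here
   is hypothetical; this is not Wireshark's API or source. */
#include <stdio.h>
#include <string.h>

typedef int (*dissector_fn)(const unsigned char *buf, int len);
struct entry { const char *table; unsigned key; dissector_fn fn; };
static struct entry registry[8];
static int n_entries;

enum { ENCAP_UDP = 1, ENCAP_USER0 = 100, LEA_PORT = 5000 }; /* constructed */

/* Stand-in for dissector_add(table, key, handle). */
static void model_add(const char *table, unsigned key, dissector_fn fn) {
    if (n_entries < 8)
        registry[n_entries++] = (struct entry){ table, key, fn };
}

/* Call the dissector registered for (table, key); -1 means nobody claimed it. */
static int try_table(const char *table, unsigned key, const unsigned char *buf, int len) {
    for (int i = 0; i < n_entries; i++)
        if (registry[i].key == key && strcmp(registry[i].table, table) == 0)
            return registry[i].fn(buf, len);
    return -1;
}

/* The user's protocol: here it just reports how many bytes it was handed. */
static int dissect_lea(const unsigned char *buf, int len) { (void)buf; return len; }

/* UDP stand-in: 8-byte header, destination port in bytes 2-3, then payload. */
static int dissect_udp(const unsigned char *buf, int len) {
    if (len < 8) return -1;
    return try_table("udp.port", (unsigned)(buf[2] << 8 | buf[3]), buf + 8, len - 8);
}

/* Every frame enters through "wtap_encap", keyed by the file's encapsulation. */
int dissect_file_frame(int on_encap, unsigned encap, const unsigned char *buf, int len) {
    n_entries = 0;
    model_add("wtap_encap", ENCAP_UDP, dissect_udp);
    if (on_encap) model_add("wtap_encap", ENCAP_USER0, dissect_lea);
    else          model_add("udp.port", LEA_PORT, dissect_lea);
    return try_table("wtap_encap", encap, buf, len);
}

int main(void) {
    const unsigned char raw[4] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed LEA bytes */
    printf("udp.port registration:   %d\n", dissect_file_frame(0, ENCAP_USER0, raw, 4));
    printf("wtap_encap registration: %d\n", dissect_file_frame(1, ENCAP_USER0, raw, 4));
    return 0;
}
```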