Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Option to allow processing of unrecognised Data-link level P

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Mon, 5 Feb 2007 17:52:32 +0100
If the DLT is to be a "stadard" one why not register it?

If it is a private one why not use DLTS USER0..USER15. There's the DLT
User A-D "dissector" in preferences that allow you to specify any
given dissector to be used against pcap files with those
encapsulations (I often do).

Luis


On 2/5/07, Douglas Pratley <Douglas.pratley@xxxxxxxxxx> wrote:

Hi guys
At the moment, if Wireshark comes across an unexpected data-link level type
in the global header when reading a PCAP file, it completely rejects the
file. This doesn't allow the user to apply any intelligence, e.g. by
manipulating the "wtap_encap" dissector table using Lua.



A quick hack prototype suggests that it is possible to read unknown or
mis-labelled data; the frame dissector just hands it off to the data
dissector.



a) Would adding an option allowing unrecognised data to be read in from a
PCAP file cause any side-effects that I haven't spotted? The only changes
other than setting up the option would be in libpcap.c:libpcap_open, so that
it would continue processing an unrecognised type.



b) What would the best way be of adding this option? My first thought was to
make it a preference, but the wiretap library has no dependencies on the
epan module where the preferences are. It looks like it would take some
careful wiring to add in the option without introducing a dependency (which
I think would break some of the apps). Setting up a new (non-protocol)
preference might also have to be duplicated across tshark and wireshark,
which is ugly.



Cheers



Doug

__________________________________________
 Douglas Pratley
 t +44 845 050 7640 | f +44 845 644 5436
 a Detica | PO Box 383 | Horley | Surrey | RH6 7WX | UK
 ______________________________________________
 www.detica.com




 This message should be regarded as confidential. If you have received this
email in error please notify the sender and destroy it immediately.
 Statements of intent shall only become binding when confirmed in hard copy
by an authorised signatory. The contents of this email may relate to
dealings with other companies within the Detica Group plc group of
companies.

 Detica Limited is registered in England under No: 1337451.

 Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP,
England.


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev





--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube