Wireshark-dev: Re: [Wireshark-dev] Dissecting packets via wtap file
From: "Sajit Nayak" <[email protected]>
Date: Tue, 23 Feb 2010 17:55:13 +0530

Thank you very much for your valuable inputs. Here is my update >>>>

 

What types of packets do you have in your file format?

 

The packets can be of ETHERNET, ATM, RAW IP, etc. and packets are for link layer types that Wireshark already understands.

I will have a live capture of packets and send those packets continuously to Wireshark through IPC mechanism. A magic value is added to packets.

           

So can those packets be decoded inside wireshark using the wtap “open”, “read”, “seek and read”? Should I have to write a new dissector?

Please help.

 

Thanks & Regards,

Sajit

 

From: Guy Harris <guy () alum mit edu>
Date: Fri, 19 Feb 2010 11:21:42 -0800

 

I have my own file format. Now using the “open”, “read” and “seek and read” of wtap, can I decode the whole file.

 

What types of packets do you have in your file format?

 

If they're packets for a link-layer protocol that Wireshark already understands, then you just need to have Wiretap

return the right WTAP_ENCAP_ value for that protocol.  For example, if they're Ethernet packets, use

WTAP_ENCAP_ETHERNET.

 

If they're packets for a link-layer protocol that Wireshark *doesn't* already understand, you would need to:

 

        add a new WTAP_ENCAP_ value for that protocol;

 

        write a new dissector for that protocol, and have it register itself in the "wtap_encap" dissector table with

the new WTAP_ENCAP_ value;

 

 possibly write dissectors for the protocols that run atop that protocol, if there are any and Wireshark doesn't

already have dissectors for them (if there are some, and Wireshark *does* have dissectors for them, you would have to

arrange that your dissector can call them).

 

 


From: Sajit Nayak [mailto:[email protected]]
Sent: Friday, February 19, 2010 12:00 PM
To: '[email protected]'
Subject: Dissecting packets via wtap file

 

Hi Sir,

 

I have my own file format. Now using the “open”, “read” and “seek and read” of wtap, can I decode the whole file.

If yes, please tell me the detailed procedures.

 

Thanks & Regards,

Sajit