Wireshark-dev: Re: [Wireshark-dev] data link type option in wireshark

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 17 Aug 2010 23:53:58 -0700

On Aug 17, 2010, at 11:28 PM, upendra.allu@xxxxxxxxx wrote:

> I have a query on data link type option in Wireshark.
> While decoding packets in Wireshark, we have an option to select the data link type (ex. Ethernet) for decoding the plug-ins.

To what option are you referring?  The "Decode As" option from the "Analyze" menu, which lets you select, for a given Ethernet type, a protocol (regardless of whether the protocol's dissector is a plugin or a built-in) to use as the protocol for that Ethernet type?

> Now my question is, is it possible to decode the protocols directly without data link?

If you mean "I have a plugin for Ethernet type XXXX, can I make it the official protocol for Ethernet type XXXX, so that I don't have to use 'Decode As' to make Wireshark dissect packets of Ethernet type XXXX with my plugin", the answer is "yes" - you just have to have the handoff-registration routine in your plugin do

	dissector_add("ethertype", XXXX, my_dissector_handle);

XXXX here would probably be a hex number, for example 0x8048 if the Ethernet type for your protocol is hex 8048.

(If that's not what you mean, you'll have to explain what you mean.)
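
The effect of that registration, shown as an added example that is not part of the original message and is not Wireshark's own code: a simplified stand-alone model of an "ethertype" table, in which every name except the table name and the 0x8048 value is hypothetical. It goes slightly beyond the message by also handling 802.1Q-tagged frames and IEEE 802.3 length fields, which is why a registered type is found with no "Decode As" step even behind a VLAN tag.

```c
#include <stddef.h>
#include <stdint.h>
/* Simplified model of an "ethertype" dissector table; hypothetical names, not epan code. */
enum proto { P_MALFORMED, P_DATA, P_LLC, P_MYPROTO };
typedef enum proto (*dissector_t)(const uint8_t *payload, size_t len);

#define MAX_ENTRIES 16
struct entry { uint16_t type; dissector_t handle; };
static struct entry table[MAX_ENTRIES];
static size_t n_entries;

/* Models dissector_add("ethertype", XXXX, handle). Returns 0 on success. */
int ethertype_add(uint16_t type, dissector_t handle) {
    if (n_entries == MAX_ENTRIES) return -1;
    table[n_entries++] = (struct entry){ type, handle };
    return 0;
}

/* Call the handle registered for a type; unregistered types fall back to raw data. */
enum proto ethertype_dispatch(uint16_t type, const uint8_t *p, size_t len) {
    for (size_t i = 0; i < n_entries; i++)
        if (table[i].type == type) return table[i].handle(p, len);
    return P_DATA;
}

/* Stand-in for the plugin's dissector; the payload format is not given on the page. */
static enum proto my_dissector(const uint8_t *p, size_t len) {
    (void)p; (void)len;
    return P_MYPROTO;
}

/* 802.1Q is just another table entry: skip TCI + inner type (4 bytes), dispatch again. */
static enum proto vlan_dissector(const uint8_t *p, size_t len) {
    if (len < 4) return P_MALFORMED;
    return ethertype_dispatch((uint16_t)(p[2] << 8 | p[3]), p + 4, len - 4);
}

/* Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes type/length, then payload. */
enum proto dissect_ethernet(const uint8_t *frame, size_t len) {
    if (len < 14) return P_MALFORMED;
    uint16_t type = (uint16_t)(frame[12] << 8 | frame[13]);
    if (type <= 1500) return P_LLC;   /* IEEE 802.3 length field, not a type */
    return ethertype_dispatch(type, frame + 14, len - 14);
}

/* Models the plugin's handoff-registration routine. */
void proto_reg_handoff_model(void) {
    ethertype_add(0x8100, vlan_dissector);
    ethertype_add(0x8048, my_dissector);   /* example value from the message */
}
```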