Wireshark-dev: Re: [Wireshark-dev] Use of wireshark to interpret input data that does not depen

From: Martin Kaiser <lists@xxxxxxxxx>
Date: Thu, 21 Apr 2011 09:54:28 +0200
Thus wrote Mrunal Upadhyay (m.upadhyay@xxxxxxxxxxxxxxx):

> 1. I have written the protocol dissector for my unique protocol. But
> how do I differentiate the input packets in .pcap file so that only my
> protocol dissector gets called to process the data? And how can I add
> uniqueness to the input data stream to customize it to my protocol? Is
> the protocol identified by means of some common pattern in the input
> stream of bytes? If that is the case, how can I do that?

You have a data link type (DLT) in the .pcap file
(http://www.tcpdump.org/linktypes.html).
In Wireshark, you map this DLT value to a WTAP_xxx value in
pcap_to_wtap_map[].

In your dissector, you call dissector_add_uint() to register your
dissector for your WTAP_xxx. And you should check all incoming data to
make sure that it's actually your protocol.

You can take the DVB-CI dissector (and many others) as an example.
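The "check all incoming data to make sure that it's actually your protocol" step is the part of the advice above that a dissector most often gets wrong, and it is what keeps a malformed or mislabelled frame from being parsed as if it were well-formed. The following is an added illustration, not code from this thread or from Wireshark: the wire format ("myproto", with a magic, a version byte and a big-endian total-length field) is constructed for the example, and the sample frames are constructed too. It is plain C with no Wireshark dependency so that it runs on its own; in a real dissector the same check sits at the top of the dissect function that you register with dissector_add_uint("wtap_encap", WTAP_ENCAP_USER0, handle) for frames captured with DLT_USER0 (147), the user-defined link type that pcap_to_wtap_map[] maps onto WTAP_ENCAP_USER0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, hypothetical wire format for "myproto" (not a real protocol):
 *   offset 0..1  magic    0x4D 0x50 ("MP")
 *   offset 2     version  must be MYPROTO_VERSION
 *   offset 3     flags    any value, not checked here
 *   offset 4..5  length   big-endian total frame length, header included
 *   offset 6..   payload
 */
#define MYPROTO_HDR_LEN 6
#define MYPROTO_VERSION 1

enum myproto_verdict {
    MYPROTO_OK = 0,
    MYPROTO_TOO_SHORT,   /* captured bytes do not even cover the header   */
    MYPROTO_BAD_MAGIC,   /* first two bytes are not the expected marker    */
    MYPROTO_BAD_VERSION, /* version byte is one we do not understand       */
    MYPROTO_BAD_LENGTH   /* declared length is inconsistent with capture   */
};

/* Read the big-endian 16-bit length field. Caller guarantees caplen >= 6. */
static uint16_t myproto_declared_len(const uint8_t *buf)
{
    return (uint16_t)((buf[4] << 8) | buf[5]);
}

/* The sanity check to run before trusting any field of the frame.
 * Every read is bounds-checked against caplen first, and the declared
 * length is rejected if it points past the bytes actually captured. */
enum myproto_verdict myproto_check(const uint8_t *buf, size_t caplen)
{
    if (caplen < MYPROTO_HDR_LEN)
        return MYPROTO_TOO_SHORT;
    if (buf[0] != 0x4D || buf[1] != 0x50)
        return MYPROTO_BAD_MAGIC;
    if (buf[2] != MYPROTO_VERSION)
        return MYPROTO_BAD_VERSION;
    uint16_t declared = myproto_declared_len(buf);
    if (declared < MYPROTO_HDR_LEN || declared > caplen)
        return MYPROTO_BAD_LENGTH;
    return MYPROTO_OK;
}

/* Payload length the dissector may safely consume, or -1 if the frame
 * failed the check and must not be dissected as myproto at all. */
int myproto_payload_len(const uint8_t *buf, size_t caplen)
{
    if (myproto_check(buf, caplen) != MYPROTO_OK)
        return -1;
    return (int)myproto_declared_len(buf) - MYPROTO_HDR_LEN;
}

/* Constructed sample frames (not captured from any real system). */
const uint8_t sample_good[]      = {0x4D, 0x50, 0x01, 0x00, 0x00, 0x0A,
                                    0xDE, 0xAD, 0xBE, 0xEF};      /* 10 bytes */
const uint8_t sample_bad_magic[] = {0x41, 0x42, 0x01, 0x00, 0x00, 0x0A,
                                    0xDE, 0xAD, 0xBE, 0xEF};
const uint8_t sample_bad_ver[]   = {0x4D, 0x50, 0x02, 0x00, 0x00, 0x0A,
                                    0xDE, 0xAD, 0xBE, 0xEF};
const uint8_t sample_overlong[]  = {0x4D, 0x50, 0x01, 0x00, 0x00, 0x40,
                                    0xDE, 0xAD, 0xBE, 0xEF};      /* says 64 */
const uint8_t sample_short[]     = {0x4D, 0x50, 0x01};            /* truncated */

int main(void)
{
    static const char *names[] = {"OK", "TOO_SHORT", "BAD_MAGIC",
                                  "BAD_VERSION", "BAD_LENGTH"};
    printf("good:      %s, payload %d\n",
           names[myproto_check(sample_good, sizeof sample_good)],
           myproto_payload_len(sample_good, sizeof sample_good));
    printf("bad magic: %s\n", names[myproto_check(sample_bad_magic, sizeof sample_bad_magic)]);
    printf("bad ver:   %s\n", names[myproto_check(sample_bad_ver, sizeof sample_bad_ver)]);
    printf("overlong:  %s\n", names[myproto_check(sample_overlong, sizeof sample_overlong)]);
    printf("short:     %s\n", names[myproto_check(sample_short, sizeof sample_short)]);
    return 0;
}
```

The point of returning a verdict rather than a boolean is that a dissector can report why a frame was rejected (an expert-info item, or simply handing the bytes to the generic data dissector) instead of silently parsing garbage; the length comparison against caplen is the check that keeps a lying length field from turning into an out-of-bounds read later in the dissect routine.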