
Wireshark-dev: Re: [Wireshark-dev] Use of wireshark to interpret input data that does not depen

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 21 Apr 2011 09:18:53 -0400
Martin Kaiser wrote:
Thus wrote Mrunal Upadhyay (m.upadhyay@xxxxxxxxxxxxxxx):

1. I have written the protocol dissector for my unique protocol. But
how do I differentiate the input packets in the .pcap file so that only my
protocol dissector gets called to process the data? And how can I add
uniqueness to the input data stream to customize it to my protocol? Is
the protocol identified by means of some common pattern in the input
stream of bytes? If that is the case, how can I do that?

You have a data link type (DLT) in the .pcap file
(http://www.tcpdump.org/linktypes.html).
In Wireshark, you map this DLT value to a WTAP_xxx value in
pcap_to_wtap_map[].

This requires getting a DLT value assigned by the folks at tcpdump.org.

If you're just experimenting or only going to be using your dissector yourself then you might also consider using one of the "user" DLT values:

http://wiki.wireshark.org/HowToDissectAnything
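To illustrate the "user" DLT route from the reply above, here is an added example (not from the thread or the Wireshark wiki) of a minimal Lua dissector bound to DLT_USER0. The "myproto" framing (1-byte type, 2-byte big-endian length, payload) is a constructed assumption, and the numeric 45 is assumed to be WTAP_ENCAP_USER0, the wiretap encapsulation that pcap link type 147 (DLT_USER0) maps to.

```lua
-- Added example: Lua dissector for a hypothetical protocol carried under DLT_USER0.
-- Framing (assumed): [type:1][len:2, big-endian][payload:len]
local myproto = Proto("myproto", "My Custom Protocol (example)")

local f_type = ProtoField.uint8("myproto.type", "Message Type", base.DEC)
local f_len  = ProtoField.uint16("myproto.len", "Payload Length", base.DEC)
local f_data = ProtoField.bytes("myproto.data", "Payload")
myproto.fields = { f_type, f_len, f_data }

-- Flag frames whose declared length does not fit the captured bytes,
-- rather than letting a bad length field drive the parsing.
local e_short = ProtoExpert.new("myproto.short",
    "Declared length exceeds captured bytes",
    expert.group.MALFORMED, expert.severity.ERROR)
myproto.experts = { e_short }

function myproto.dissector(buf, pinfo, tree)
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, buf(), "My Custom Protocol")

    -- Need at least the fixed header before reading any field.
    if buf:len() < 3 then
        subtree:add_proto_expert_info(e_short)
        return
    end

    subtree:add(f_type, buf(0, 1))
    local declared = buf(1, 2):uint()
    subtree:add(f_len, buf(1, 2))

    -- Bound the payload by what was actually captured, never by the length field alone.
    if declared > buf:len() - 3 then
        subtree:add_proto_expert_info(e_short)
        return
    end
    subtree:add(f_data, buf(3, declared))
end

-- Bind to the wiretap encapsulation for DLT_USER0 (assumed value 45 = WTAP_ENCAP_USER0).
-- Any capture written with link type 147 will now be handed to this dissector.
DissectorTable.get("wtap_encap"):add(45, myproto)
```

Because the binding is on the capture's link type rather than on a byte pattern, no heuristic is needed; every frame in a DLT_USER0 file goes straight to this dissector.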