Wireshark-dev: Re: [Wireshark-dev] Problem writing a file dissector for vwr capture files
From: Joerg Mayer <[email protected]>
Date: Sun, 30 Aug 2015 14:41:09 +0200
On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote:
> Did you add the magic info into the magic_files array in
> wiretap/mime_file.c?  It looks like it's necessary.

Ah, that was the part I was missing. Thanks!
Of course now that I did look at it, it doesn't help me because the file format
doesn't really have a magic value. So how do I go about it properly?


> On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <[email protected]> wrote:
> > I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
> > (without loosing the ability to open said capture files normally of course)
> > and am failing:
> > Running  "tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr" (or
> > the equivalent steps in wireshark) results in
> > tshark: The file "testfile.vwr" isn't a capture file in a format TShark understands.
> > Trying to just take over the complete capture file was also unsuccessful.
> > I've attached the current source of the dissector. Simple question: What am
> > I missing ;-)
> > In case you want to test, use the capture attached to bug 11464.

Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.