On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote:
> Did you add the magic info into the magic_files array in
> wiretap/mime_file.c? It looks like it's necessary.
Ah, that was the part I was missing. Thanks!
Of course now that I did look at it, it doesn't help me because the file format
doesn't really have a magic value. So how do I go about it properly?
Thanks
Jörg
> On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> > I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
> > (without loosing the ability to open said capture files normally of course)
> > and am failing:
> > Running "tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr" (or
> > the equivalent steps in wireshark) results in
> > tshark: The file "testfile.vwr" isn't a capture file in a format TShark understands.
> > Trying to just take over the complete capture file was also unsuccessful.
> > I've attached the current source of the dissector. Simple question: What am
> > I missing ;-)
> > In case you want to test, use the capture attached to bug 11464.
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
