
Wireshark-dev: [Wireshark-dev] WirelessHART/New Protocol DLTs

From: "K. Reid Wightman" <krwightm@xxxxxxxxx>
Date: Tue, 7 Mar 2017 08:40:51 -0500

Hi all -

I'm dusting off a very old research project, to make a useful open
WirelessHART capture tool and Wireshark dissector.

I encountered this old thread:
https://www.wireshark.org/lists/wireshark-dev/201107/msg00040.html,
wherein Sam Roberts requested a DLT_ value for WIHART, and it was
assigned value 223.  I grabbed Sam's dissector, changed it slightly to
use the new DLT, tossed it into my Wireshark plugins directory, and
modified the KillerBee packet capture tool to record a PCAP with the new
DLT_ value.

However, when I try to open said PCAP with Wireshark, Wireshark tells me
that there is no dissector for DLT 223.  If I open Wireshark's Lua
evaluator and type the following:

-- Ask the wtap_encap dissector table what is registered under 223
local wtap_encap = DissectorTable.get("wtap_encap")
local test = wtap_encap:get_dissector(223)
print("testing for wihart: ", test)

the console outputs:

testing for wihart:      WIHART

So, it seems that the dissector is at least properly registered.  I
wonder what else is required to make Wireshark try to apply the
dissector to a pcap when loading the file?

I put both Sam Roberts's dissector and a sample PCAP on github here, if
anyone wants to follow along at home:
https://github.com/reidmefirst/WirelessHART-Parser

I have tried using the Lua dissector on Wireshark 1.12.1 (on a Debian
x64 system) as well as 2.2.2 (on an OS X system)...same issue on both
systems.

Thanks for any tips,
Reid
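
One check that fits the situation described above is confirming that the capture file itself declares link type 223 in its global header. The following is an added example, not part of the original post or of KillerBee: it parses a classic pcap global header, and the function names and sample header bytes are constructed for illustration.

```python
import struct

DLT_WIHART = 223  # DLT value named in the post
# Classic pcap magics: microsecond and nanosecond timestamp variants.
PCAP_MAGICS = {0xA1B2C3D4: "us", 0xA1B23C4D: "ns"}


def parse_pcap_header(data: bytes) -> dict:
    """Parse the 24-byte classic pcap global header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # The writer's byte order is unknown, so try both against the magic.
    for endian in ("<", ">"):
        (magic,) = struct.unpack(endian + "I", data[:4])
        if magic in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    major, minor, _tz, _sigfigs, snaplen, network = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {
        "byte_order": "little" if endian == "<" else "big",
        "timestamps": PCAP_MAGICS[magic],
        "version": (major, minor),
        "snaplen": snaplen,
        # Low 16 bits hold the link type; upper bits can carry FCS info.
        "linktype": network & 0xFFFF,
    }


def is_wihart_capture(data: bytes) -> bool:
    """True if the header declares the WIHART link type."""
    return parse_pcap_header(data)["linktype"] == DLT_WIHART


# Constructed sample: header of an empty little-endian pcap with link type 223.
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_WIHART)

if __name__ == "__main__":
    info = parse_pcap_header(SAMPLE_HEADER)
    print(info, "WIHART" if is_wihart_capture(SAMPLE_HEADER) else "other")
```

To check a real capture, pass the first 24 bytes of the file to `parse_pcap_header`.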