Bill Sommerfeld wrote: > On Tue, 2007-06-12 at 12:49 -0500, Nicolas Williams wrote: > >> If Wireshark (getting used to not saying "Ethereal" is difficult) has a >> plug-in interface with a stability that suitably matches our needs then >> we should expose it, no? > > if there is a plug-in interface to wireshark which permits it to decode > new protocols then it may be sufficient in many cases to change or > supplement our stock advice to "enhance snoop to decode your protocol" > to "write and ship a wireshark plugin as part of (open)solaris to decode > your protocol"; pushing that plugin back upstream to the wireshark > maintainers could happen asynchronously. >
Yes; this is how Wireshark decodes additional protocols. Files are in /usr/lib/wireshark/plugins/0.99.5/... > (yes, there's still the issue of what to do about the protocols snoop > copes with but wireshark doesn't; that would be a prerequisite to > obsoleting snoop but I don't think the two have to happen at the same > time). > Can we get a list somewhere of these protocols, or is the only documentation the source code? - Bart -- Bart Smaalders Solaris Kernel Performance barts at cyber.eng.sun.com http://blogs.sun.com/barts
