On Nov 17, 2006, at 4:42 PM, Neha Chahal wrote:
> My capture file just has packets in my protocol format. It does not
> have udp or tcp packets encapsulating other protocols ( for now ) .
Then you can't use dissector_add("udp.port", ...) to arrange to have
your dissector called, as the UDP dissector won't be called and won't
call your dissector through the "udp.port" table.
> It is strictly binary stream in the LEA format.
If this is a private format - i.e., if you don't plan to contribute
this code to the Wireshark code base or give it away - you should
choose one of the private WTAP_ENCAP_USERn values from wiretap/wtap.h
(n goes from 0 to 15), and have your Wiretap code return that value
for files in your file format.
Then you'd have your dissector do
dissector_add("wtap_encap", WTAP_ENCAP_USERn, ...)
so that it's called for every packet in your file.
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
