Hi,

In the native file format of Wireshark (libpcap) there is a DLT value
(DataLinkType) which "points" to the first layer in the packet:
Ethernet, SS7 etc. In the case of Ethernet, the Ethertype points to the next
layer, etc.

 

>we have written some code

Which LTE protocol are you writing dissectors for and what is their
transport protocol? We already have some LTE dissectors in Wireshark.

Are you going to submit the code you have written? If you have some
mechanism to capture the LTE packets you are interested in dissecting
and are thinking of wrapping them in fake TCP packets, a better way may be to
request a new DLT value and let your device/application write in libpcap
format.

Regards

Anders

  _____  

From: [email protected]
[mailto:[email protected]] On Behalf Of Yuming fang
Sent: 22 December 2008 07:17
To: [email protected]
Subject: [Wireshark-dev] How does the wireshark identify the
corresponding protocol according to the data from libcap

 

Hi, all,

 

I am adding a new protocol to wireshark. When I add the new protocol, there
are some basic questions I could not understand as follows. 

 

(1) When capturing data from the netcard, how does wireshark choose the
protocol dissector to process the data? For example, if wireshark receives
tcp data, how could it know this data is tcp data and thus choose the tcp
protocol dissector to process this data? Could anyone give me some
explanation of the data flow from the netcard to the display in wireshark?

 

(2) I want to use wireshark to process the LTE data (actually mainly display
the LTE data format in wireshark). Now we have written some code. However,
we do not have the LTE netcard. So I want to send the LTE data through a TCP
socket (port is 9999) and thus wireshark could receive the LTE data through
TCP (port 9999). Now I can get this LTE data, but how could I let
wireshark display the LTE data format like a tree? How could I add the LTE
code into the TCP (port 9999) to process the LTE data?

 

I will appreciate it greatly if someone could give me some advice on these
questions.

 

Best wishes,

Yuming

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
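
The selection chain described in the reply above (the DLT picks the first layer, the EtherType the next, and so on), shown next to the suggested alternative of writing libpcap with a dedicated DLT. This is an added example, not part of the original thread and not Wireshark code. It is a simplified model in which DLT_USER0 (147) stands in for a newly assigned DLT, the "lte" label is a hypothetical dissector name, and the frames are constructed.

```python
import struct

DLT_EN10MB, DLT_USER0 = 1, 147  # Ethernet; private-use type standing in for a new DLT
def write_pcap(linktype, frames):
    """Build a libpcap file: 24-byte file header, then a 16-byte header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(blob):
    """Return (linktype, frames); byte order comes from the magic number."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None or len(blob) < 24:
        raise ValueError("not a libpcap file")
    # Low 16 bits are the link type; the upper bits can carry FCS information.
    linktype = struct.unpack_from(endian + "I", blob, 20)[0] & 0xFFFF
    frames, off = [], 24
    while off + 16 <= len(blob):
        incl = struct.unpack_from(endian + "I", blob, off + 8)[0]
        if off + 16 + incl > len(blob):
            raise ValueError("truncated record")
        frames.append(blob[off + 16:off + 16 + incl])
        off += 16 + incl
    return linktype, frames

def layer_chain(linktype, frame):
    """Pick each next layer from the selector the previous layer carries."""
    if linktype == DLT_USER0:
        return ["lte"]  # the DLT alone selects the first dissector
    if linktype != DLT_EN10MB or len(frame) < 14:
        return ["data"]
    ip = frame[14:]
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800 or len(ip) < 20:
        return ["eth", "data"]  # EtherType is not IPv4
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 20:
        return ["eth", "ip", "data"]  # IP protocol field is not TCP
    ports = struct.unpack_from("!HH", ip, ihl)
    return ["eth", "ip", "tcp", "lte" if 9999 in ports else "data"]

def sample_tcp_frame(payload, dport):  # constructed frame, zero MACs and checksums
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, 0x0A000001, 0x0A000002)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return bytes(12) + struct.pack("!H", 0x0800) + ip + tcp + payload

if __name__ == "__main__":
    pdu = b"\x01\x02\x03\x04"  # constructed stand-in for an LTE PDU
    for dlt, frame in ((DLT_EN10MB, sample_tcp_frame(pdu, 9999)), (DLT_USER0, pdu)):
        linktype, frames = read_pcap(write_pcap(dlt, [frame]))
        print(linktype, layer_chain(linktype, frames[0]))
```

With the TCP wrapping, the payload is reached only after three selectors (DLT, EtherType, IP protocol) plus a port match; with its own DLT the file header alone identifies it.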
