Hi,

Thank you so much for your kind reply.

I am reading the source code and still have some questions.

2008/12/22 Anders Broman <[email protected]>

>  Hi,
>
> In the native file format of Wireshark (Libpcap) there is a DLT value
> (DataLinkType) which "points" to the first layer in the packet
>
> Ethernet, SS7 etc. In the case of Ethernet, the Ethertype points to the next
> layer etc.
>
>
>

You mean Wireshark could choose the Ethernet protocol dissector to
process the data according to the DLT? Where could I find the code in Wireshark?

For other protocols, such as TCP, after the Ethernet protocol dissector
processes the data, Wireshark would find a TCP protocol dissector to
continue processing the data. Wireshark first finds that this is a TCP
protocol according to the data header and then finds a suitable protocol
according to the port. Is it right?




>   >we have written some code
>
> Which LTE protocol are you writing dissectors for and what is their
> transport protocol? We already have some LTE dissectors in Wireshark.
>
We are writing the MAC part and want to test it using Wireshark. I found the
RRC part, I think this is a part of LTE?


>   Are you going to submit the code you have written? If you have some
> mechanism to capture the LTE packets you are interested in dissecting
>
> and are thinking of wrapping them in fake TCP packets a better way may be
> to request a new DLT value and let your device/application write in libpcap
> format.
>

At first, we should test the MAC code. If this code is all right, we
could consider submitting it. At present, we have no LTE card, so we could
not capture LTE data from an LTE card directly. After we develop an LTE card,
I think we should change the libpcap code to capture LTE data from an LTE
card. (We should add a new DLT in Wireshark.)

So we are thinking of capturing the LTE data (only including the MAC part) in TCP
packets. However, I face a problem at this stage. I could receive the TCP
packets in Wireshark. Could you tell me how to use our MAC code to
dissect these data and then display all data headers in Wireshark?


I will appreciate it greatly if you could give me some advice about these
questions.


Best wishes,
Yuming


>   Regards
>
> Anders
>  ------------------------------
>
> *From:* [email protected] [mailto:
> [email protected]] *On behalf of* Yuming fang
> *Sent:* 22 December 2008 07:17
> *To:* [email protected]
> *Subject:* [Wireshark-dev] How does the wireshark identify the
> corresponding protocol according to the data from libcap
>
>
>
> Hi, all,
>
>
>
> I am adding a new protocol to wireshark. When I add the new protocol,
> there are some basic questions I could not understand as follows.
>
>
>
> (1) When capturing data from the netcard, how does Wireshark choose the
> protocol dissector to process the data? For example, if Wireshark receives
> TCP data, how could it know that this data is TCP data and thus choose the TCP
> protocol dissector to process it? Could anyone give me some
> explanation of the data flow from the netcard to the display in Wireshark?
>
>
>
> (2) I want to use Wireshark to process the LTE data (actually mainly display
> the LTE data format in Wireshark). Now we have written some code. However,
> we do not have the LTE netcard. So I want to send the LTE data through a TCP
> socket (port is 9999) and thus Wireshark could receive the LTE data through
> TCP (port: 9999). Now I could get these LTE data, but how could I let
> Wireshark display the LTE data format like a tree? How could I add the LTE
> code into the TCP (port: 9999) to process the LTE data?
>
>
>
> I will appreciate it greatly if someone could give me some advice on these
> questions.
>
>
>
> Best wishes,
>
> Yuming
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:[email protected]?subject=unsubscribe
>
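The dispatch chain this thread asks about (the DLT selects the first dissector, then the Ethertype, the IP protocol number and the TCP port select the next ones), as an added Python sketch that is not part of the original messages and is not Wireshark's own code. The table names `ethertype`, `ip.proto` and `tcp.port` mirror Wireshark's dissector table names; `dlt`, `lte_mac_demo`, the helper names and the sample capture are made up for this sketch, and only the TCP destination port is consulted.

```python
import struct

# Simplified model of dissector tables: (table name, key) -> next layer.
# "dlt" and "lte_mac_demo" are hypothetical names used only in this sketch.
TABLES = {
    ("dlt", 1): "eth",               # DLT 1 = Ethernet
    ("ethertype", 0x0800): "ip",     # IPv4
    ("ip.proto", 6): "tcp",
    ("tcp.port", 9999): "lte_mac_demo",
}

def build_sample_pcap(payload, port=9999, dlt=1):
    """Constructed capture: one Ethernet/IPv4/TCP frame carrying `payload`."""
    tcp = struct.pack("!HHIIBBHHH", 40000, port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800) + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, dlt)
    rhdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

def dissect_chain(pcap):
    """Return (layers, remaining bytes) for the first record in `pcap`."""
    magic, _, _, _, _, _, dlt = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    incl_len = struct.unpack_from("<I", pcap, 24 + 8)[0]
    data = pcap[40:40 + incl_len]
    layers, table, key = [], "dlt", dlt
    while (proto := TABLES.get((table, key))) is not None:
        layers.append(proto)
        if proto == "eth":
            if len(data) < 14: break          # truncated Ethernet header
            table, key, data = "ethertype", struct.unpack_from("!H", data, 12)[0], data[14:]
        elif proto == "ip":
            if len(data) < 20: break
            ihl = (data[0] & 0x0F) * 4        # header length incl. options
            if ihl < 20 or len(data) < ihl: break
            table, key, data = "ip.proto", data[9], data[ihl:]
        elif proto == "tcp":
            if len(data) < 20: break
            off = (data[12] >> 4) * 4         # TCP data offset
            if off < 20 or len(data) < off: break
            table, key, data = "tcp.port", struct.unpack_from("!H", data, 2)[0], data[off:]
        else:
            break  # leaf: `data` is what the payload dissector would receive
    return layers, data
```
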