On Feb 18, 2010, at 10:29 PM, Sajit Nayak wrote:
> I have my own file format. Now using the “open”, “read” and “seek and read”
> of wtap, can I decode the whole file?

What types of packets do you have in your file format?

If they're packets for a link-layer protocol that Wireshark already
understands, then you just need to have Wiretap return the right WTAP_ENCAP_
value for that protocol. For example, if they're Ethernet packets, use
WTAP_ENCAP_ETHERNET.

If they're packets for a link-layer protocol that Wireshark *doesn't* already
understand, you would need to:

	add a new WTAP_ENCAP_ value for that protocol;

	write a new dissector for that protocol, and have it register itself in
the "wtap_encap" dissector table with the new WTAP_ENCAP_ value;

	possibly write dissectors for the protocols that run atop that
protocol, if there are any and Wireshark doesn't already have dissectors for
them (if there are some, and Wireshark *does* have dissectors for them, you
would have to arrange that your dissector can call them).
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
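
The dissector steps described in the reply above, sketched as an added example in Wireshark's Lua API; this is not code from the original message or from the Wireshark sources. The "mylink" protocol, its 4-byte header layout and the IPv4 type code are hypothetical, and `wtap.USER0` stands in for the new WTAP_ENCAP_ value, which in a real C implementation would be added in Wiretap.

```lua
-- Added example: "mylink" and its header (2-byte type, 2-byte payload
-- length, both big-endian) are hypothetical, not a real protocol.
local mylink = Proto("mylink", "Hypothetical Link Layer")

local f_type = ProtoField.uint16("mylink.type", "Payload type", base.HEX)
local f_len  = ProtoField.uint16("mylink.length", "Payload length", base.DEC)
mylink.fields = { f_type, f_len }

local HDR_LEN   = 4
local TYPE_IPV4 = 0x0800  -- assumed type code for an IPv4 payload

-- Existing dissectors for the protocols that run atop this one.
local ip_handle   = Dissector.get("ip")
local data_handle = Dissector.get("data")

function mylink.dissector(tvb, pinfo, tree)
    -- Capture files are untrusted input: refuse frames shorter than the header.
    if tvb:len() < HDR_LEN then return 0 end

    pinfo.cols.protocol = "MYLINK"
    local subtree = tree:add(mylink, tvb(0, HDR_LEN))
    subtree:add(f_type, tvb(0, 2))
    subtree:add(f_len, tvb(2, 2))

    local ptype = tvb(0, 2):uint()
    local plen  = tvb(2, 2):uint()

    -- Clamp the declared length to the bytes actually captured.
    local avail = tvb:len() - HDR_LEN
    if plen > avail then plen = avail end
    if plen == 0 then return HDR_LEN end

    -- Hand the payload to the upper-layer dissector.
    local payload = tvb(HDR_LEN, plen):tvb()
    if ptype == TYPE_IPV4 then
        ip_handle:call(payload, pinfo, tree)
    else
        data_handle:call(payload, pinfo, tree)
    end
    return HDR_LEN + plen
end

-- Register in the "wtap_encap" table under the encapsulation value that the
-- file reader returns for each packet (USER0 is a stand-in here).
DissectorTable.get("wtap_encap"):add(wtap.USER0, mylink)
```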