Hi All,

I am adding a new protocol to Wireshark that does not rely or depend on any 
other protocols (TCP, UDP, Ethernet, PPP, etc.). I will be thankful if anyone can 
help me understand the following things:

1. I have written the protocol dissector for my unique protocol. But how do I 
differentiate the input packets in the .pcap file so that only my protocol 
dissector gets called to process the data? And how can I add uniqueness to the 
input data stream to customize it to my protocol? Is the protocol identified by 
means of some common pattern in the input stream of bytes? If that is the case, 
how can I do that?

2. What is the difference between the dissector table and the encapsulation table? 
I have understood how the protocol dissector encodes the input data and displays 
it in a tree based on the formatting defined by the static arrays ett and hf. What 
steps do I need to perform in order to write a protocol dissector that does 
not depend on any existing protocols and customize the input data in the pcap file 
so that my protocol dissector gets called only when it comes across correct 
input data?

Mrunal
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev