On Jun 10, 2011, at 10:40 AM, suraj wrote:

> I will not be checking in this. Require it for some local purpose. Analysing 
> some Trace Dump. I thought I would give some value since I'm using it locally. 
> Wanted to know where do I include the change (add the ID) in the Wireshark 
> source code?

If you're only going to be using it locally, then, as the link-layer header 
types page says:

        Values in the range 147 through 162 are reserved for private use; if 
you have some link-layer header type that you want to use within your 
organization, with the capture files using that link-layer header type not ever 
being sent outside your organization, you can use one or more of these values. No 
libpcap release will use these for any purpose, nor will any tcpdump release 
use them, either.

        Do NOT use these in capture files that you expect anybody not using 
your private versions of capture-file-reading tools to read; in particular, do 
NOT use them in products, otherwise you may find that people won't be able to 
use tcpdump, or snort, or Wireshark, or... to read capture files from your 
firewall/intrusion detection/traffic monitoring/etc. appliance, or whatever 
product uses that link-layer header type value, and you may also find that the 
developers of those applications will not accept patches to let them read those 
files.

        Also, do not use them if somebody might send you a capture using them 
for their private type and tools using them for your private type would have to 
read them.

so you can put the packets into a pcap or pcap-NG file with a link-layer 
type/interface link-layer type in the range 147 (LINKTYPE_USER0) through 162 
(LINKTYPE_USER15).

Then, if you've picked LINKTYPE_USERn (n = {the value you chose} - 147), you'd 
have to have your dissector register itself with a name, and edit the 
preferences for the DLT_USER protocol and add an entry mapping DLT_USERn to 
your dissector.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
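As an added example that is not part of the original message: one way to wrap private trace records in a classic pcap file whose link-layer type is LINKTYPE_USERn, as the reply describes. The function names, the output file name and the sample records are assumptions made for illustration.

```python
import struct

LINKTYPE_USER0 = 147           # private-use range is 147..162 per the quoted page
PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len


def build_private_pcap(frames, n, snaplen=65535):
    """Return pcap bytes whose link-layer type is LINKTYPE_USERn (0 <= n <= 15)."""
    if not 0 <= n <= 15:
        raise ValueError("n must be 0..15 (LINKTYPE_USER0..LINKTYPE_USER15)")
    out = bytearray(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_USER0 + n))
    for ts_sec, ts_usec, payload in frames:
        captured = payload[:snaplen]
        out += RECORD_HDR.pack(ts_sec, ts_usec, len(captured), len(payload))
        out += captured
    return bytes(out)


def parse_private_pcap(data):
    """Return (n, [payload, ...]); refuse files outside the private-use range."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    if not LINKTYPE_USER0 <= linktype <= LINKTYPE_USER0 + 15:
        raise ValueError(f"link-layer type {linktype} is not LINKTYPE_USER0..15")
    payloads, offset = [], GLOBAL_HDR.size
    while offset < len(data):
        _sec, _usec, incl_len, _orig = RECORD_HDR.unpack_from(data, offset)
        offset += RECORD_HDR.size
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record")
        payloads.append(data[offset:offset + incl_len])
        offset += incl_len
    return linktype - LINKTYPE_USER0, payloads


if __name__ == "__main__":
    # Constructed sample records standing in for a private trace-dump format.
    sample = [(1307727600, 0, b"\x01\x00\x04TEST"), (1307727600, 500, b"\x02\x00\x02OK")]
    with open("trace_user3.pcap", "wb") as fh:
        fh.write(build_private_pcap(sample, n=3))   # link-layer type 150
```

Wireshark will only decode such a file once the DLT_USER preferences map the chosen DLT_USERn to the registered dissector name, as described in the reply.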