On Tue, Mar 07, 2017 at 08:40:51AM -0500, K. Reid Wightman wrote:
> Hi all -
>
> I'm dusting off a very old research project, to make a useful open
> WirelessHART capture tool and Wireshark dissector.
>
> I encountered this old thread:
> https://www.wireshark.org/lists/wireshark-dev/201107/msg00040.html ,
> wherein Sam Roberts requested a DLT_ value for WIHART, and it was
> assigned value 223. I grabbed Sam's dissector, changed it slightly to
> use the new DLT, tossed it into my Wireshark plugins directory, and
> modified the KillerBee packet capture tool to record a PCAP with the new
> DLT_ value.
>
> However, when I try to open said PCAP with Wireshark, Wireshark tells me
> that there is no dissector for DLT 223. If I open Wireshark's Lua
> evaluator and type the following:
>
>     local wtap_encap = DissectorTable.get("wtap_encap")
>     local test = wtap_encap:get_dissector(223)
>     print("testing for wihart: ", test)
>
> the console outputs:
>
>     testing for wihart: WIHART
>
> So, it seems that the dissector is at least properly registered. I
> wonder what else is required to make Wireshark try to apply the
> dissector to a pcap when loading the file?

I guess that pcap_to_wtap_map in wiretap/pcap-common.c must be edited to
make the pcap reader recognize this link type.

Though I do wonder why the linktype is assigned, but not listed at
http://www.tcpdump.org/linktypes.html (nor in wiretap/wtap.h). Guy, any
idea?

> I put both Sam Roberts' dissector and a sample PCAP on github here, if
> anyone wants to follow along at home:
> https://github.com/reidmefirst/WirelessHART-Parser
>
> I have tried using the Lua dissector on Wireshark 1.12.1 (on a Debian
> x64 system) as well as 2.2.2 (on an OS X system)...same issue on both
> systems.
>
> Thanks for any tips,
> Reid

--
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
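Added example, not part of the original messages and not Wireshark or KillerBee code: a Python check that reads the classic pcap global header and reports the link-type number a capture tool wrote, which is the value the pcap reader has to map before any dissector is tried. The function names and the sample capture bytes are constructed for illustration.

```python
import struct

# Magic numbers as seen when the first four bytes are read big-endian.
_MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}

def read_pcap_header(data: bytes) -> dict:
    """Parse the 24-byte classic pcap global header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in _MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order, resolution = _MAGICS[magic]
    major, minor, _tz, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    return {
        "order": order,
        "resolution": resolution,
        "version": (major, minor),
        "snaplen": snaplen,
        # The low 16 bits hold the link type; libpcap may use the top
        # bits of this field for optional FCS information.
        "linktype": network & 0xFFFF,
    }

def count_records(data: bytes) -> int:
    """Walk the packet records and verify that each one fits in the file."""
    order = read_pcap_header(data)["order"]
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        incl_len = struct.unpack_from(order + "IIII", data, offset)[2]
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("record runs past end of file")
        count += 1
    return count

def build_sample(order: str, network: int) -> bytes:
    """Constructed sample capture: header plus one 4-byte dummy packet."""
    header = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, network)
    return header + struct.pack(order + "IIII", 0, 0, 4, 4) + b"\x00" * 4
```

To check a real capture, pass the file's bytes (for example `open(path, "rb").read()`) to `read_pcap_header` and compare the reported `linktype` with the value the capture tool was meant to write.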
