Hi,

In the frame layer there is the “Encapsulation type”; the way the pcap format 
works, this indicates how the data following should be interpreted.

Linktype/encapsulation type is defined at 
https://www.tcpdump.org/linktypes.html 
so one thing you could do is to design your own DLT.

Add whatever meta data you want and then add the RTPS data at some position in 
that structure. You can try this out by using the USER DLTs in Wireshark.

Or if you do not want to request a DLT from tcpdump (DO NOT USE ONE WITHOUT 
ALLOCATING IT) you could use the Exported PDU DLT defined by Wireshark.

epan/exported_pdu.h contains some information. If you would require new 
elements for meta information, that could be discussed. Adding RTPS data in 
an exported_pdu DLT frame should be simple as an initial test. I think there is 
a SharkFest presentation on how to add any protocol data in an exported pdu 
frame with text2pcap.

Regards

Anders

 

From: Wireshark-dev <wireshark-dev-boun...@wireshark.org> On Behalf Of Juanjo Martin Carrascosa
Sent: 15 January 2020 12:24
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
Subject: Re: [Wireshark-dev] Bypassing the first layer

 

Hi Dario,

 

Could you elaborate on this? I get the idea but my knowledge about the how is 
very basic.

 

How can this help me achieve what I need?

 

Thanks for the help.

Juanjo Martin

 

On Tue, Jan 14, 2020 at 4:48 PM Dario Lombardo <lom...@gmail.com> wrote:

You can use export_pdu. This is a layer with multiple attributes (see 
epan/exported_pdu.h), but the only one really needed is the proto_name, which 
allows you to directly call a dissector by its name.

You will have frames with this stack: FRAME/EXPORT PDU/RTPS, which is properly 
dissected by Wireshark.

 

On Tue, Jan 14, 2020 at 4:33 PM Juanjo Martin Carrascosa <jua...@rti.com> wrote:

Hi everyone,

 

RTPS is a protocol already supported by Wireshark. I have been helping maintain 
that protocol these past years. It sits on top of TCP and UDP, as well as some 
other transports that are not network ones (Shared Memory typically with a 
proprietary implementation).


 

We are currently working on implementing a new logging mechanism for our 
product, mainly to address the Shared Memory scenario but it can also be really 
useful when RTPS is used on top of network protocols. 

 

Problem: We can log the RTPS layer but we don't have some information in our 
middleware like the Frame or Ethernet information, so we need to make it up. 
This is ugly, so I am trying to avoid that:

 

How can I register a protocol so it is picked up instead of the Frame layer? 
That is, I want to create a new protocol that detects that the information we 
generate is for that protocol, so that the Frame protocol is not called, but the 
new protocol I am creating is. This new protocol will then call the RTPS protocol to 
dissect the payload I want to display. We are planning to also add some 
information to this custom protocol, that's why I want it to be called first.

 

Note: I just came up with this solution, but if you have a different solution 
for this, please let me know.

 

Thanks,

Juanjo Martin

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe




 

-- 

Naima is online.





 

-- 

 

Juanjo Martin

Principal Application Engineer

EMEA Services Lead @ Professional Services Group

Office: +34 958 27 88 62

jua...@rti.com

www.rti.com
 

 

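The Exported PDU approach suggested in the replies above, as an added example that is not code from the thread or from Wireshark: it builds a pcap file whose link type is Exported PDU, so each record is a proto_name tag, an end-of-options tag, and then the RTPS bytes. Assumptions: the link-type number 252 and the tag numbers 0 and 12 are as published on the linktypes page and in epan/exported_pdu.h, the dissector is registered under the name "rtps", and the sample RTPS message and output file name are constructed for illustration.

```python
import struct

LINKTYPE_WIRESHARK_UPPER_PDU = 252  # Exported PDU link type (tcpdump.org linktypes list)
EXP_PDU_TAG_END_OF_OPT = 0          # tag numbers as listed in epan/exported_pdu.h
EXP_PDU_TAG_PROTO_NAME = 12


def exported_pdu_tlv(tag: int, value: bytes = b"") -> bytes:
    """2-byte tag + 2-byte length (big-endian), then the value.

    This example NUL-pads the value to a 4-byte boundary and writes the
    padded length, so the next tag starts 32-bit aligned.
    """
    padded = value + b"\x00" * (-len(value) % 4)
    return struct.pack(">HH", tag, len(padded)) + padded


def exported_pdu_frame(dissector: str, payload: bytes) -> bytes:
    """One record body: proto_name tag, end-of-options tag, then the raw PDU."""
    if not dissector or not dissector.isascii():
        raise ValueError("dissector name must be non-empty ASCII")
    return (exported_pdu_tlv(EXP_PDU_TAG_PROTO_NAME, dissector.encode("ascii"))
            + exported_pdu_tlv(EXP_PDU_TAG_END_OF_OPT)
            + payload)


def pcap_bytes(frames, ts_sec: int = 0) -> bytes:
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144,
                      LINKTYPE_WIRESHARK_UPPER_PDU)
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", ts_sec + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: RTPS header (magic, version 2.3, vendor 0.0, zero GUID prefix)
# followed by one INFO_TS submessage (id 0x09, little-endian flag, 8-byte timestamp).
SAMPLE_RTPS = (b"RTPS" + bytes([2, 3]) + bytes([0, 0]) + bytes(12)
               + bytes([0x09, 0x01]) + struct.pack("<H", 8) + bytes(8))

if __name__ == "__main__":
    # Hypothetical output name; open the file in Wireshark to see FRAME/EXPORT PDU/RTPS.
    with open("rtps_exported_pdu.pcap", "wb") as fh:
        fh.write(pcap_bytes([exported_pdu_frame("rtps", SAMPLE_RTPS)]))
```

Extra metadata from the logging side would go in as further tags before the end-of-options tag, using only tag numbers that epan/exported_pdu.h defines.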