On Nov 17, 2006, at 4:42 PM, Neha Chahal wrote:
My capture file just has packets in my protocol format. It does not
have udp or tcp packets encapsulating other protocols ( for now ) .
Then you can't use dissector_add("udp.port", ...) to arrange to have
your dissector called, as the UDP dissector won't be called and won't
call your dissector through the "udp.port" table.
It is strictly binary stream in the LEA format.
If this is a private format - i.e., if you don't plan to contribute
this code to the Wireshark code base or give it away - you should
choose one of the private WTAP_ENCAP_USERn values from wiretap/wtap.h
(n goes from 0 to 15), and have your Wiretap code return that value
for files in your file format.
Then you'd have your dissector do
dissector_add("wtap_encap", WTAP_ENCAP_USERn, ...)
so that it's called for every packet in your file.