I was using a user defined DLT (147).
Additionally, I tried the following test:
Step 1:
In the dissector, I added the following code:
    dissector_add("tcp.port", 10001, fooHandle);
Step 2:
I took a sample hex dump of my message and converted it to pcap using text2pcap, e.g.:
    %text2pcap -l 147 myMsg.txt myMsg.pcap
Step 3:
I then tried adding an entry to decode DLT 147 with the custom "Foo" dissector (Edit->Preferences->Protocols->DLT_USER->Edit Encapsulations Table).
However, Wireshark was unable to find my dissector (although it is registered).
The above works when I use the following:
%text2pcap -T 10001,10001 myMsg.txt myMsg.pcap
However, I don't want the TCP headers added.
Any ideas on how to get this working with a user defined DLT? Thanks,
--Mahesh
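
Added example (not part of the original post and not Wireshark or text2pcap code): the kind of file Step 2 produces, built by hand in Python so the layout is visible. The record holds only the raw message bytes under link type 147, with no Ethernet/IP/TCP headers in front of them. The function names, the simplified hex-dump parser and the sample bytes are assumptions made for illustration.

```python
import struct

LINKTYPE_USER0 = 147          # the user-defined DLT from the post
PCAP_MAGIC = 0xA1B2C3D4       # classic pcap, microsecond timestamps

# Constructed sample in text2pcap's input style: offset, then hex bytes.
SAMPLE_HEXDUMP = """\
000000 de ad be ef 00 01
000006 02 03
"""

def hexdump_to_bytes(text):
    """Simplified parser: skip the offset, read two-digit hex tokens."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        for tok in tokens[1:]:
            if len(tok) != 2:
                break                      # trailing ASCII column or junk
            try:
                out.append(int(tok, 16))
            except ValueError:
                break
    return bytes(out)

def build_pcap(payload, linktype=LINKTYPE_USER0, ts_sec=0):
    """One-packet little-endian pcap: 24-byte file header, 16-byte record header."""
    file_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    rec_hdr = struct.pack("<IIII", ts_sec, 0, len(payload), len(payload))
    return file_hdr + rec_hdr + payload

def read_linktype(pcap):
    """Return the link-layer type stored at offset 20 of the file header."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap file header")
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    return struct.unpack_from("<I", pcap, 20)[0]

def first_packet(pcap):
    """Return the bytes of the first record, exactly as a dissector receives them."""
    incl_len = struct.unpack_from("<I", pcap, 24 + 8)[0]
    return pcap[40:40 + incl_len]

if __name__ == "__main__":
    capture = build_pcap(hexdump_to_bytes(SAMPLE_HEXDUMP))
    print("link type:", read_linktype(capture))
    print("packet bytes:", first_packet(capture).hex())
```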