On May 21, 2010, at 6:42 PM, Scott wrote:
> On Fri, May 21, 2010 at 3:18 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> So what protocols does your custom protocol run on top of?
>
> For now the custom protocol is a dummy protocol that only contains a 32-bit int and rides on top of the IP protocol rider (*it*).
So presumably the IP protocol rider protocol has fields of its own.
Does the IP protocol rider have an IP protocol number assigned to it, so that you have:
link-layer protocol
IP, with the IP protocol number having the value for the IP protocol rider protocol
IP protocol rider protocol
custom protocol
some protocol that normally runs directly atop IP
or is this a non-standard encapsulation where you have:
link-layer protocol
IP, with the IP protocol number having the value for the protocol that's above the custom protocol
IP protocol rider protocol
custom protocol
some protocol that normally runs directly atop IP
The former can be done without modifying Wireshark, but not the way you're doing it.
The latter *CANNOT* be done without Wireshark's IP dissector to directly call the dissector for the IP protocol rider protocol.