Hello,
I have a query about the “User DLTs table” window in Wireshark.
My main intention is to dissect Wireshark plug-ins as independent plug-ins (I mean without dissecting the Data Link layer (Ethernet) and IP layers); I directly want to dissect plug-ins on top of the IP layer.
I found the following webpage useful for my purpose.
http://wiki.wireshark.org/HowToDissectAnything
On that webpage he explained how to dissect the HTTP plug-in as an independent plug-in; I want to dissect my plug-ins in a similar way.
My question is this: in the Wireshark Edit → Preferences window, on selecting DLT_USER → Edit, in the User DLTs Table → New window, we have different DLT values ranging from 147 to 162. In the “Payload Protocol” field it accepts only some protocols (e.g. HTTP, FTP, which I tried) for User 0 (DLT=147).
If I give HTTP in that field, I can dissect the HTTP layer directly without its bottom layers. Now how can I define my plug-in names there so that I can also dissect my plug-ins directly? Do I have to define the plug-in names somewhere in the code?
Please help with this.
Best regards,
Upendra
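As an added example (not part of the original post, and not Wireshark code): a Python script that writes a classic pcap file whose link-layer type is DLT_USER0 (147), so each record reaches whatever is configured as the payload protocol for User 0 with no Ethernet or IP headers in between. The HTTP request bytes and the output file name are constructed for illustration.

```python
import struct

DLT_USER0, DLT_USER15 = 147, 162   # user link types quoted in the post
PCAP_MAGIC = 0xA1B2C3D4            # classic pcap, microsecond timestamps
GLOBAL_HDR = "<IHHiIII"            # magic, major, minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = "<IIII"               # ts_sec, ts_usec, captured len, original len

# Constructed sample payload: a bare HTTP request with no Ethernet/IP/TCP below it.
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

def build_pcap(payloads, linktype=DLT_USER0, snaplen=65535):
    """Wrap raw payloads in a pcap file that declares a DLT_USER link type."""
    if not DLT_USER0 <= linktype <= DLT_USER15:
        raise ValueError("link type %d is outside DLT_USER0..15" % linktype)
    out = [struct.pack(GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for seconds, data in enumerate(payloads):
        if len(data) > snaplen:
            raise ValueError("payload longer than snaplen")
        out.append(struct.pack(RECORD_HDR, seconds, 0, len(data), len(data)))
        out.append(data)
    return b"".join(out)

def parse_pcap(blob):
    """Read the file back: return (linktype, [payload, ...]), rejecting bad lengths."""
    hdr_len = struct.calcsize(GLOBAL_HDR)
    if len(blob) < hdr_len:
        raise ValueError("truncated global header")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from(GLOBAL_HDR, blob)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    offset, records = hdr_len, []
    while offset < len(blob):
        if offset + 16 > len(blob):
            raise ValueError("truncated record header")
        _sec, _usec, incl, _orig = struct.unpack_from(RECORD_HDR, blob, offset)
        offset += 16
        if incl > snaplen or offset + incl > len(blob):
            raise ValueError("record length exceeds file or snaplen")
        records.append(blob[offset:offset + incl])
        offset += incl
    return linktype, records

if __name__ == "__main__":
    with open("user0_http.pcap", "wb") as fh:   # hypothetical output name
        fh.write(build_pcap([SAMPLE_HTTP]))
```

Opening the resulting file in Wireshark with User 0 (DLT=147) mapped to `http` in the User DLTs table shows the request dissected as HTTP.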