Wireshark-dev: [Wireshark-dev] independent dissection of plug-ins

Date: Tue, 31 Aug 2010 11:44:24 +0530

Hello,

 

I am trying to dissect plug-ins in Wireshark independently without its complete stack.

For example, if my plug-In is sitting in the following way

 

Ethernet

Internet Protocol

UDP or SCTP
MY-plug-in

 

This is the usual way how Wireshark decodes my plug-in, now I tried to decode my plug-in directly without its stack and succeeded by

Defining My-plug-in as DLT=147 in Wireshark -> Preferences -> DLT_USER -> Edit window and also making some code changes in my-plug-in.

 

But, when I try to decode more than one  my-plug-ins, with same DLT (DLT=147), I couldn’t able decode multiple plug-ins like that, but I can able to define them under same DLT.

Is It that one pcap file only supports only one DLT? If yes what is the best way to meet my requirement? I want to decode multiple plug-ins in the same pcap file (without decoding the plug-ins complete stack)

 

Regards,

Upendra

 

 

 

Please do not print this email unless it is absolutely necessary.

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com