- dissector_add_uint("wtap_encap", 147, base_handle); looks suspicious, where’s 147 coming from.
It appears to be from here:
"As there's no formal linktype defined for MCTP or higher-level DMTF protocols command-line switches provide the ability to specify one of the private linktype values in the range 147-162."
This has multiple issues:
Wiretap encapsulations are not the same as libpcap link layer types. Wtap encap 147 is defined in wiretap/wtap.h as WTAP_ENCAP_AX25_KISS, used by packet-ax25-kiss.c
Presumably what is meant here is the wiretap encapsulation equivalent, WTAP_ENCAP_USER0 (45), but we are never going to upstream a patch for one of the private linktypes / encapsulations.
The correct thing to do is to follow the directions here:
And request a new link layer type, which will then also result in a new wiretap encapsulation.
John Thacker