I have software-generated capture files of variable-length packets (my
own, experimental, protocol) preceded by standard pcap headers. All of
the header fields are correct. I will never have to process live data.
There can never be anything unexpected in the file--really! In any
case, what I build will never reach "the real world." The value I put in
the network field of the pcap header is not used--not even close--in the
current libpcap source. I'll be running Wireshark on a Linux (Red Hat,
64-bit) server. I am building a dissector plugin for these packets,
which will be a big job.
What I'm hoping to hear is that I don't have to deal with libpcap--even
that I can use a standard Linux Wireshark binary and attach my plugin
(if I can figure out how) and all this just works. If something else is
needed I'm willing to patch the Wireshark source and recompile it. Can
someone give me an idea what file(s) might need to be patched?
Much thanks.
Gil Berglass
berglass@xxxxxxxxx