Wireshark-users: Re: [Wireshark-users] Using wireshark to process my own capture file

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 13 Mar 2008 00:57:23 +0100
Hi,

Why not go for these:

	/* Reserved for private use. */
	{ 147,		WTAP_ENCAP_USER0 },
	{ 148,		WTAP_ENCAP_USER1 },
	{ 149,		WTAP_ENCAP_USER2 },
	{ 150,		WTAP_ENCAP_USER3 },
	{ 151,		WTAP_ENCAP_USER4 },
	{ 152,		WTAP_ENCAP_USER5 },
	{ 153,		WTAP_ENCAP_USER6 },
	{ 154,		WTAP_ENCAP_USER7 },
	{ 155,		WTAP_ENCAP_USER8 },
	{ 156,		WTAP_ENCAP_USER9 },
	{ 157,		WTAP_ENCAP_USER10 },
	{ 158,		WTAP_ENCAP_USER11 },
	{ 159,		WTAP_ENCAP_USER12 },
	{ 160,		WTAP_ENCAP_USER13 },
	{ 161,		WTAP_ENCAP_USER14 },
	{ 162,		WTAP_ENCAP_USER15 },

This is what they are there for, as far as I understand.

Thanx,
Jaap


Gil Berglass wrote:
I have software-generated capture files of variable-length packets (my own, experimental, protocol) preceded by standard pcap headers. All of the header fields are correct. I will never have to process live data. There can never be anything unexpected in the file--really! In any case, what I build will never reach "the real world." The value I put in the network field of the pcap header is not used--not even close--in the current libpcap source. I'll be running Wireshark on a Linux (Red Hat, 64-bit) server. I am building a dissector plugin for these packets, which will be a big job.

What I'm hoping to hear is that I don't have to deal with libpcap--even that I can use a standard Linux Wireshark binary and attach my plugin (if I can figure out how) and all this just works. If something else is needed I'm willing to patch the Wireshark source and recompile it. Can someone give me an idea what file(s) might need to be patched?

Much thanks.

       Gil Berglass
       berglass@xxxxxxxxx