Thus wrote Mrunal Upadhyay (m.upadh...@sta.samsung.com):

> 1. I have written the protocol dissector for my unique protocol. But
> how do I differentiate the input packets in .pcap file so that only my
> protocol dissector gets called to process the data? And how can I add
> uniqueness to the input data stream to customize it to my protocol. Is
> the protocol identified by means of some common pattern in the input
> stream of bytes. If that is the case, how can I do that?

You have a data link type (DLT) in the .pcap file (http://www.tcpdump.org/linktypes.html). In Wireshark, you map this DLT value to a WTAP_xxx value in pcap_to_wtap_map[]. In your dissector, you call dissector_add_uint() to register your dissector for your WTAP_xxx. And you should check all incoming data to make sure that it's actually your protocol.

You can take the DVB-CI dissector (and many others) as an example.

Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
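
The two points in the reply above, as an added stand-alone C example that is not part of the original post and is not Wireshark code: reading the link type out of a pcap file header, and sanity-checking a frame before treating it as your protocol. The frame layout, `myproto_looks_valid()` and the sample bytes are hypothetical and constructed for illustration; 147 is LINKTYPE_USER0 from the tcpdump.org link-type list.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read 32 bits from p; big != 0 means the file was written big-endian. */
static uint32_t rd32(const uint8_t *p, int big)
{
    return big
        ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
        : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Store the link type from a pcap global header; returns -1 if it is not one. */
int pcap_linktype(const uint8_t *buf, size_t len, uint32_t *linktype)
{
    int big;
    if (len < 24) return -1;                    /* global header is 24 bytes */
    uint32_t magic = rd32(buf, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du) big = 1;       /* usec / nsec */
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) big = 0;  /* little-endian file */
    else return -1;
    *linktype = rd32(buf + 20, big) & 0xFFFFu;  /* low 16 bits hold the link type */
    return 0;
}

/* HYPOTHETICAL frame layout, invented for this example:
 * byte 0 = version (must be 1), bytes 1-2 = big-endian payload length, payload. */
int myproto_looks_valid(const uint8_t *frame, size_t len)
{
    if (len < 3 || frame[0] != 1) return 0;     /* too short or wrong version */
    size_t declared = (size_t)frame[1] << 8 | frame[2];
    return declared == len - 3;                 /* declared length must match */
}

/* Constructed sample data: little-endian header, snaplen 65535, link type 147. */
static const uint8_t sample_hdr[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0,
    0, 0, 0, 0, 0xff, 0xff, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00 };
static const uint8_t good_frame[] = { 1, 0, 2, 0xaa, 0xbb };
static const uint8_t bad_frame[]  = { 1, 0, 9, 0xaa, 0xbb };  /* length lies */

int main(void)
{
    uint32_t lt = 0;
    if (pcap_linktype(sample_hdr, sizeof sample_hdr, &lt) == 0)
        printf("link type: %u\n", (unsigned)lt);
    printf("good frame valid: %d\n", myproto_looks_valid(good_frame, sizeof good_frame));
    printf("bad frame valid:  %d\n", myproto_looks_valid(bad_frame, sizeof bad_frame));
    return 0;
}
```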