Hi Armando,

There is a way you can do it through the Wireshark GUI. Go to Preferences -> Protocols -> DLT_User. Here click on Edit and add your protocol on any of the User DLTs (147 - 162). But make sure that the pcap file you are using has the same DLT value defined in its global header.

Hope this helps.

Thanks,
Ashish

2012/3/2 Armando Vázquez <avr...@gmail.com>

> Hi guys,
>
> I've read the developers guide, README.developer, wiretap plugin wiki and
> found no answer. Here is my problem. I'm trying to use Wireshark for
> dissecting a pcap capture of a protocol that is not currently defined in
> Wireshark. So I started writing a plugin, but I haven't been able to
> declare or register this dissector so it is enabled as a link layer
> dissector. I need to achieve this because this is not an internet protocol,
> so I need to identify it in this layer.
>
> I've already read this dev-topic (
> http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
> but I didn't understand it well.
>
> The dissection part works fine, I've tested it using a pcap and nesting it
> on top of TCP. I would really appreciate your help.
>
> Also I've added in wtap.h
>
> #define WTAP_ENCAP_MYPROTOCOL 147
>
> and in wtap.c
>
> static struct encap_type_info encap_table_base[] = {
>     ...
>     { "RESERVED 138", "res0" },
>     { "RESERVED 139", "res1" },
>     { "RESERVED 140", "res2" },
>     { "RESERVED 141", "res3" },
>     { "RESERVED 142", "res4" },
>     { "RESERVED 143", "res5" },
>     { "RESERVED 144", "res6" },
>     { "RESERVED 145", "res7" },
>     { "RESERVED 146", "res8" },
>
>     /* WTAP_ENCAP_MYPROTOCOL */
>     { "MY PROTOCOL", "myprotocol" }
> };
>
> Here are the register and handoff sections of my code
>
> ----------------------------------------------------------------------------------
> void proto_register_myprotocol (void)
> {
>     ...
>
>     myprotocol_dissector_table =
>         register_dissector_table("myprotocol.proto", "ACN protocol number",
>                                  FT_UINT8, BASE_HEX);
>     proto_register_field_array (proto_myprotocol, hf, array_length (hf));
>     proto_register_subtree_array (ett, array_length (ett));
>     register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
> }
>
> void proto_reg_handoff_myprotocol(void)
> {
>     data_handle = find_dissector("data");
>     myprotocol_handle = create_dissector_handle(dissect_myprotocol,
>                                                 proto_myprotocol);
>
>     dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
>     dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
>     // Registering this on top of TCP was only to develop the dissection part,
>     // this won't be present in the release version
> }
> ----------------------------------------------------------------------------------
>
> This document is strictly confidential and intended only for use by the
> addressee unless otherwise stated. If you are not the intended recipient,
> please notify the sender immediately and delete it from your system.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

--
Thanks,
Ashish
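The reply above depends on the capture's global header carrying the same DLT value that is configured under DLT_User. The following is an added example, not part of the original thread and not Wireshark code: a small C check that reads the link-layer type from a classic pcap global header in either byte order and confirms it is the expected user DLT. The function names and the two sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define PCAP_HDR_LEN 24   /* size of the classic pcap global header */
#define DLT_USER0    147  /* first user-reserved link type */
#define DLT_USER15   162  /* last user-reserved link type */

/* Read a 32-bit field in the byte order the capture was written in. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Byte order from the magic number: 1 = big-endian, 0 = little-endian,
 * -1 = too short or not a classic pcap header (e.g. pcapng). */
static int pcap_byte_order(const uint8_t *buf, size_t len)
{
    if (len < PCAP_HDR_LEN) return -1;
    uint32_t be = rd32(buf, 1), le = rd32(buf, 0);
    if (be == 0xa1b2c3d4u || be == 0xa1b23c4du) return 1;  /* usec / nsec magic */
    if (le == 0xa1b2c3d4u || le == 0xa1b23c4du) return 0;
    return -1;
}

/* Link-layer type field (offset 20 in the header), or -1 on a bad header. */
int64_t pcap_linktype(const uint8_t *buf, size_t len)
{
    int be = pcap_byte_order(buf, len);
    return be < 0 ? -1 : (int64_t)rd32(buf + 20, be);
}

/* 1 if the header's link type lies in the user DLT range and equals `want`. */
int pcap_matches_user_dlt(const uint8_t *buf, size_t len, uint32_t want)
{
    int64_t lt = pcap_linktype(buf, len);
    return lt >= DLT_USER0 && lt <= DLT_USER15 && lt == (int64_t)want;
}

/* Constructed sample: little-endian header, version 2.4, link type 147. */
const uint8_t sample_le_user0[PCAP_HDR_LEN] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 147,0,0,0 };

/* Constructed sample: big-endian header, version 2.4, link type 1 (Ethernet). */
const uint8_t sample_be_eth[PCAP_HDR_LEN] = {
    0xa1,0xb2,0xc3,0xd4, 0x00,0x02, 0x00,0x04, 0,0,0,0, 0,0,0,0,
    0x00,0x00,0xff,0xff, 0,0,0,1 };
```

A capture that fails this check will not be handed to the dissector configured for that user DLT, which is the mismatch the reply warns about.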