Wireshark-dev: [Wireshark-dev] Understanding a file format with no underlying protocol informat
Hi All,
I have a capture file which I am interested in showing on the Wireshark GUI. My capture file has info about only *one* protocol (proprietary) and no other protocol. I am planning to write a dissector for my file. I am confused as to how Ethereal will call my dissector. My file has no data link information which Ethereal may understand. Do I have to assign a DLT_ value for my protocol?
According to my understanding, I need to do the following so that Wireshark understands my file format:
1. Assign a DLT_ value to it.
2. Write a parser which will convert it into pcap format (Something similar to text2pcap)
3. Write a dissector and register it with the wtap_encap table by calling dissector_add()
Please do correct me if I am wrong. This is really really important. I have searched a lot on the net and found information about writing dissectors etc. I just want to know if I am on the right track.
Thanks!
--
Regards,
Priyanka
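
A sketch of step 2 from the post above, as an added example that is not part of the original message or of Wireshark's code: it wraps records of a single protocol in classic pcap framing with a private-use link type, so no real data-link header is needed. Assumptions: the input layout (2-byte big-endian length followed by the payload) is made up for illustration, DLT_USER0 (147) is picked as the link type, and timestamps are synthesized because the assumed input carries none.

```python
import struct

DLT_USER0 = 147          # first link type reserved for private use (assumed choice)
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
SNAPLEN = 65535

def split_records(raw):
    """Split the assumed input layout: 2-byte big-endian length, then payload."""
    off, out = 0, []
    while off < len(raw):
        if off + 2 > len(raw):
            raise ValueError("truncated length field at offset %d" % off)
        (n,) = struct.unpack_from(">H", raw, off)
        off += 2
        if off + n > len(raw):
            raise ValueError("truncated record at offset %d" % off)
        out.append(raw[off:off + n])
        off += n
    return out

def to_pcap(records, linktype=DLT_USER0, start_sec=0):
    """Wrap each record as one pcap packet; no link-layer header is added."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    blob = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype)
    for i, rec in enumerate(records):
        caplen = min(len(rec), SNAPLEN)
        # Per-packet header: ts_sec, ts_usec, captured length, original length
        blob += struct.pack("<IIII", start_sec + i, 0, caplen, len(rec))
        blob += rec[:caplen]
    return blob

def read_pcap(blob):
    """Minimal reader used to check the output: returns (linktype, packets)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off, pkts = 24, []
    while off < len(blob):
        _, _, caplen, _ = struct.unpack_from("<IIII", blob, off)
        pkts.append(blob[off + 16:off + 16 + caplen])
        off += 16 + caplen
    return linktype, pkts

# Constructed sample input: two records in the made-up layout
SAMPLE = b"\x00\x03\x01\x02\x03" + b"\x00\x02\xaa\xbb"
```

The output only tells a reader which encapsulation the packets use; a dissector still has to be registered for that encapsulation, which is step 3 of the post.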