Wireshark-dev: Re: [Wireshark-dev] Use ethereal as a proprietary protocol parser; no ethernet/I
Tom McLaughlin wrote:
Hello,
I work for a company that builds proprietary communication systems for the utility industry. We have a proprietary communication protocol that can be wrapped in several standard protocols. I would like to build a log parser that looks like Ethereal for our protocol if possible. This would not be a new dissector from what I understand for other protocols wrapped in Ethernet or IP.
Basically, get Ethereal to read in a file with a bunch of hex strings, somewhere define what the fields are, and use the Ethereal gui.
You've got at least a couple options to use Wireshark for this:
1) write your protocol out in libpcap format. If one of the existing
link types for libpcap does not fit your protocol then you could ask the
libpcap people (tcpdump.org) to allocate a new DLT_ value for your
lowest-level protocol. Then add support for that link type to
Wireshark's wiretap library and then write a dissector that registers
with Wireshark for that link type.
2) if you've already got a file format [and you don't want to change
it], you could add support in Wireshark's wiretap library for that log
file and then (again) write a dissector that registers to receive the
read-in data. You mentioned a file with a bunch of hex strings which
makes me think it's an ASCII file which makes me think that reading and
processing that file wouldn't be fun, but I imagine it would still be
possible.
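
Option 1 from the reply, as an added example that is not part of the original thread or of Wireshark's code: a converter that turns a log of hex strings into a classic libpcap file. Assumptions: one record per line, `#` comments allowed, no timestamps in the log (synthetic one-second steps are used), and the private-use link type 147 (LINKTYPE_USER0) stands in for a DLT_ value allocated by tcpdump.org.

```python
import binascii
import io
import struct

LINKTYPE_USER0 = 147      # private-use link type; placeholder for an allocated DLT_ value
PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
SNAPLEN = 65535

# Constructed sample log: one hex-encoded protocol record per line.
SAMPLE_LOG = """\
# constructed sample records
01 02 03 04
aa:bb:cc

deadbeef00
"""

def parse_hex_log(text):
    """Yield payload bytes per record; skip blank lines and '#' comments."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        cleaned = line.replace(" ", "").replace(":", "")
        try:
            yield binascii.unhexlify(cleaned)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            # Reject malformed input loudly instead of writing a corrupt capture.
            raise ValueError(f"line {line_no}: not valid hex ({exc})") from None

def hex_log_to_pcap(text, linktype=LINKTYPE_USER0, start_ts=0):
    """Return (pcap_bytes, record_count) for the given hex log text."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    count = 0
    for payload in parse_hex_log(text):
        if len(payload) > SNAPLEN:
            raise ValueError(f"record {count + 1}: longer than snaplen")
        # Record header: ts_sec, ts_usec, captured length, original length.
        ts_sec = start_ts + count  # synthetic timestamp, the log has none
        out.write(struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)))
        out.write(payload)
        count += 1
    return out.getvalue(), count

if __name__ == "__main__":
    data, n = hex_log_to_pcap(SAMPLE_LOG)
    print(f"{n} records, {len(data)} bytes of pcap")
```

Writing the returned bytes to a file gives Wireshark something to open; the dissector registered for the chosen link type then decodes each record.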