Mirko.Karanovic@xxxxxx wrote:
I think that I should define proprietary “DLT_LAPB” value and do
whatever necessary steps in wtap (WireShark) in order to recognize my
DLT_LAPB type form libpcap file header. After that I should be able to
see LAPB frames and PLP packets in the WireShark.
Nobody should ever define, by themselves, a proprietary DLT_ value. If
you just pick some number to assign to that DLT_ name, there is a chance
that tcpdump.org will assign that value to an official DLT_ in the
future, and, if that happens, Wireshark will almost certainly be
modified to interpret that value as that DLT_. That would mean your
changes would have to *override* that.
The alternatives are:
1) ask tcpdump-workers@xxxxxxxxxxx to add an *official* DLT_LAPB and
assign a value to it, which means that Wiretap could be changed to that
the *standard* version will decode that DLT_ value as LAPB (so you
wouldn't need to maintain your own version of Wireshark);
2) use one of the DLT_USERn values.
I would recommend alternative 1.