Yes. You modify wiretap to read your file format. You also add a new
wiretap encapsulation type, a WTAP_ENCAP_* value, defined in
wiretap/wtap.h. When your new wiretap module finds a packet of that
encapsulation type, it passes that value to Ethereal.
In Ethereal, you add a dissector which can parse your custom protocol.
It registers itself against "wtap_encap" with the new WTAP_ENCAP_*
value. E.g., look at how packet-tr.c calls:
dissector_add(WTAP_ENCAP_TOKEN_RING,....)
>From your new dissector to the next protocol (IP, for example), there
are various ways to proceed. You could call the dissector directly, by
grabbing its handle via find_dissector(), or if the next protocol is a
port-based protocol, you could use the dissector table functions to
have Ethereal call the next registered protocol. It depends on what
your custom protocol header has for fields.
--gilbert
On 5/2/05, Senthil Sundaram <sen@xxxxxxxxxxxx> wrote:
> Hi,
>
> Can I use ethereal to parse a packet that is not a packet captured on the
> network. For example that packet does not have an Ethernet header or IP
> header or anything like that. It is file in my own custom format , lets
> call it XYZ packet. I would like to register a plugin called packet-XYZ,
> whenever Ethereal sees this packet.
>
> Is this possible? How do I make ethereal understand my custom packet and
> open it. I remember some one on this list mention I need to use wiretap
> library to do this.
>
> How do I register my plugin handler, i.e, to which layer to I register my
> handler?
>
> Thanks
> Senthil
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>
