Wireshark-dev: Re: [Wireshark-dev] encapsulation type for layer 1 messages (strings)
I think that's the way
you just need to add WTAP_ENCAP_PLAIN_TEXT to wtap.h
and have proto_reg_handoff_text_lines() add text_lines_handle to
wtap.encap table
On Thu, Apr 3, 2008 at 4:29 PM, Rolf Fiedler <rolf.fiedler@xxxxxxxxxxxxx> wrote:
> Hi everyone,
>
> I am currently working on modifying the wiretap modules for EyeSDN
> traces to use WTAP_ENCAP_PER_PACKET, which is working nicely
> (Q.931/DSS1, SS7/MTP2, PPP, X.25 and ATM support on the way for these
> traces).
>
> However, there is one thing I can not match to the ENCAP types at the
> moment (maybe because I am too stupid to find this). In these traces
> there are layer 1 messages like "Frame Synchronisation Lost", "Alarm
> Indicator", "G.704 Lock" etc.
> These messages are put in the trace file as plain text. And these frames
> are marked as Layer 1 message frames to distuingish them from the actual
> captured data. So far I just skip these frames...
>
> What I would like to do is mark these frames as "WTAP_ENCAP_PLAIN_TEXT"
> or similar and just let wireshark print the frame contents as ASCII to
> the decoder window and at the left (protocol) side of the frame list.
>
> Is there already a dissector which does this? If so, which ENCAP type
> would I need to specify for these frames.
>
> If not, is it ok if I add such a WTAP_ENCAP_* type and the dissector for
> doing this? Would such a patch be accepted?
>
> Kind regards,
> Rolf
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
