Hello,
I am trying to dissect plug-ins in Wireshark independently without
its complete stack.
For example, if my plug-In is sitting in the following way
Ethernet
Internet Protocol
UDP or SCTP
MY-plug-in
This is the usual way how Wireshark decodes my plug-in, now I
tried to decode my plug-in directly without its stack and succeeded by
Defining My-plug-in as DLT=147 in Wireshark -> Preferences
-> DLT_USER -> Edit window and also making some code changes in
my-plug-in.
But, when I try to decode more than one my-plug-ins, with
same DLT (DLT=147), I couldn’t able decode multiple plug-ins like that,
but I can able to define them under same DLT.
Is It that one pcap file only supports only one DLT? If yes
what is the best way to meet my requirement? I want to decode multiple plug-ins
in the same pcap file (without decoding the plug-ins complete stack)
Regards,
Upendra
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com
| 