Wireshark-dev: Re: [Wireshark-dev] network type # of new plugin
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: suraj <surajtaurus@xxxxxxxxx>
Date: Fri, 10 Jun 2011 18:05:00 +0000 (UTC)
Guy Harris <guy@...> writes:

> 
> 
> On Jun 10, 2011, at 10:40 AM, suraj wrote:
> 
> > I will not be checking in this. Require it for some local purpose. Analysing 
> > some Trace Dump. I though I would give some value since i'm using it 
locally. 
> > Wanted to know where do I include the chage(add the ID) in the wireshark 
> > sourcecode)?
> 
> If you're only going to be using it locally, then, as the link-layer header 
types page says:
> 
> 	Values in the range 147 through 162 are reserved for private use; if you 
have some link-layer header type
> that you want to use within your organization, with the capture files using 
that link-layer header type
> not ever be sent outside your organization, you can use one or more these 
values. No libpcap release will
> use these for any purpose, nor will any tcpdump release use them, either.
> 
> 	Do NOT use these in capture files that you expect anybody not using your 
private versions of
> capture-file-reading tools to read; in particular, do NOTuse them in products, 
otherwise you may find
> that people won't be able to use tcpdump, or snort, or Wireshark, or... to 
read capture files from your
> firewall/intrusion detection/traffic monitoring/etc. appliance, or whatever 
product uses that
> link-layer header type value, and you may also find that the developers of 
those applications will not
> accept patches to let them read those files.
> 
> 	Also, do not use them if somebody might send you a capture using them 
for their private type and tools using
> them for your private type would have to read them.
> 
> so you can put the packets into a pcap or pcap-NG file with a link-layer 
type/interface link-layer type in
> the range 147 (LINKTYPE_USER0) through 162 (LINKTYPE_USER15).
> 
> Then, if you've picked LINKTYPE_USERn (n = {the value you chose} - 147), you'd 
have to have your dissector
> register itself with a name, and edit the preferences for the DLT_USER 
protocol and add an entry mapping
> DLT_USERn to your dissector.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@...?subject=unsubscribe
> 
> 


Cool. sounds great. Thanks a lot. So guess the mappings and stuff will be added 
in wiretap directory?