Hey, Where can I get a foo.pcap file to test with the dissector? I couldn't find an example file in the Developer Guide, if there isn't one how can I generate a pcap file? I tried serializing a struct conforming to the foo protocol in C++ but wireshark won't open it. Any ideas? asked 20 Nov '13, 03:52  Lews Therin |
2 Answers:
You need to write a file in pcap or pcap-ng format for Wireshark to be able to open it. You can find descriptions of the file formats on the Libpcap File Format and PcapNg wiki pages. Alternatively you can play with text2pcap if you don't have a trace of a proper message exchange for your protocol. answered 20 Nov '13, 05:36  Anders ♦ edited 20 Nov '13, 07:33  cmaynard ♦♦ |
Check this out. A nice python file to meet your needs :) https://ask.wireshark.org/questions/18191/how-do-i-make-a-dissector-handle-a-particular-ethertype-ethernet-type-field-value answered 24 Feb '15, 22:36  Mojo0809 |
