Support for custom options is pretty recent (3431: pcapng: add support for custom options) and not very robust.

Seems you have a pretty clear idea of what your use would be so it's worth opening an enhancement request on the Wireshark GitLab issues page.

Notes: There are sample captures here - pcapng-test-generator - that include custom blocks and custom options. The custom blocks are integrated into the Wireshark Packet List.
Note: the custom options are not formatted properly (don't include PEN).

pcapng-test-generator/output_be/difficult/test202.pcapng has custom blocks.

pcapng-test-generator/output_be/basic/test009.pcapng has an EPB with custom options.
View->Reload as File Format/Capture:

Block: Enhanced Packet Block 1
    Block Type: Enhanced Packet Block (0x00000006)
    Block Length: 500
    Block Data
        Interface: 0
        Timestamp (High): 312215
        Timestamp (Low): 1690978218
        [Timestamp: Jun 29, 2012 02:28:25.298858000 Central Daylight Time]
        Captured Length: 314
        Packet Length: 314
        Packet Data
        Packet Padding
        Options
            Option: Comment = test009-1
            Option: Flags
            Option: Drop Count = 0
            Option: Unknown
                Code: Unknown (2988)
                Length: 13
                Option Data
                Option Padding
            Option: Unknown
                Code: Unknown (2989)
                Length: 15
                Option Data
                Option Padding
            Option: Unknown
                Code: Unknown (19372)
                Length: 14
                Option Data
                Option Padding
            Option: Unknown
                Code: Unknown (19373)
                Length: 13
                Option Data
                Option Padding
            Option: Unknown
                Code: Unknown (291)
                Length: 12
                Option Data
            Option: Unknown
                Code: Unknown (33059)
                Length: 12
                Option Data
            Option: End of Options
    Block Length (trailer): 500

Debug logging to see custom options in capture file:

Downloads$ tshark -r ./test009.pcapng --log-level "debug" 2>&1 | grep -i "custom option"
 ** (tshark:8452) 20:59:55.722790 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x0bac with unknown pen 1629513313 with custom data of length 9
 ** (tshark:8452) 20:59:55.722856 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x0bad with unknown pen 1936682341 with custom data of length 11
 ** (tshark:8452) 20:59:55.722919 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x4bac with unknown pen 1836654694 with custom data of length 10
 ** (tshark:8452) 20:59:55.722982 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x4bad with unknown pen 1836654694 with custom data of length 9
 ** (tshark:8452) 20:59:55.724484 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x0bac with unknown pen 1629513313 with custom data of length 9
 ** (tshark:8452) 20:59:55.724544 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x0bad with unknown pen 1936682341 with custom data of length 11
 ** (tshark:8452) 20:59:55.724607 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x4bac with unknown pen 1836654694 with custom data of length 10
 ** (tshark:8452) 20:59:55.724666 [Wiretap DEBUG] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\wiretap\pcapng.c:839 -- pcapng_process_custom_option(): Custom option type 0x4bad with unknown pen 1836654694 with custom data of length 9
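
As an added example (not part of the original answer and not Wireshark's code), a minimal Python walker for a pcapng options area that splits the four custom option codes shown above into PEN and custom data, checking every length against the remaining bytes. The sample bytes are constructed, and PEN 32473 (the number reserved for documentation) is a placeholder.

```python
import struct

# Custom option codes from the pcapng spec: the codes 2988, 2989, 19372 and
# 19373 that the dissection above lists as "Unknown".
CUSTOM_CODES = {0x0BAC: "UTF-8, copyable", 0x0BAD: "binary, copyable",
                0x4BAC: "UTF-8, not copyable", 0x4BAD: "binary, not copyable"}

def build_option(code, value, endian=">"):
    """Encode one option: code, length, value, zero padding to 32 bits."""
    return struct.pack(endian + "HH", code, len(value)) + value + b"\0" * (-len(value) % 4)

def parse_options(buf, endian=">"):
    """Return [(code, pen, data)] for an options area; pen is None unless custom.

    Every length is checked against the remaining bytes, so a malformed
    capture raises ValueError instead of being read past its end.
    """
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated option header at offset {off}")
        code, length = struct.unpack_from(endian + "HH", buf, off)
        off += 4
        if code == 0:                      # opt_endofopt terminates the list
            break
        padded = (length + 3) & ~3         # values are padded to 32 bits
        if padded > len(buf) - off:
            raise ValueError(f"option 0x{code:04x} length {length} overruns buffer")
        value = buf[off:off + length]
        off += padded
        if code in CUSTOM_CODES:
            if length < 4:
                raise ValueError(f"custom option 0x{code:04x} too short for a PEN")
            # First 4 bytes are the PEN, in the section's byte order.
            pen = struct.unpack(endian + "I", value[:4])[0]
            out.append((code, pen, value[4:]))
        else:
            out.append((code, None, value))
    return out

# Constructed sample (big-endian, like output_be): a comment plus two custom
# options. 32473 is the PEN reserved for documentation, used as a placeholder.
PEN = struct.pack(">I", 32473)
SAMPLE = (build_option(1, b"test009-1")
          + build_option(0x0BAC, PEN + b"my custom")   # length 13, 9 data bytes
          + build_option(0x4BAD, PEN + b"\x01\x02\x03")
          + build_option(0, b""))

if __name__ == "__main__":
    for code, pen, data in parse_options(SAMPLE):
        print(f"0x{code:04x} pen={pen} data={data!r}")
```

The option length includes the 4-byte PEN, which is why the dissection's Length of 13 for code 2988 corresponds to the debug log's custom data of length 9.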