 | 1 | initial version |
What you should do is either:
wiretap/wtap.h, modify wiretap/pcap-common.c to map the LINKTYPE_ value to the WTAP_ENCAP_ value, and have your dissector register in the wtap_encap dissector table with the WTAP_ENCAP_ value;or
The second of those is simpler, but doesn't guarantee that other users won't use the same LINKTYPE_USERn value for a different type of link-layer header.
| | 2 | No.2 Revision |
What you should do is either:
LINKTYPE_ value assigned for your link-layer packet type, by sending a message to [email protected], use that rather than 999, add an official WTAP_ENCAP_ value for it in wiretap/wtap.h, modify wiretap/pcap-common.c to map the LINKTYPE_ value to the WTAP_ENCAP_ value, and have your dissector register in the wtap_encap dissector table with the WTAP_ENCAP_ value;or
LINKTYPE_USERn values specifically reserved for private use (as per the list of LINKTYPE_ values, those are values in the range 147 through 162), open up the Preferences dialog in Wireshark, open up Protocols in that dialog, select DLT_USER, and edit the Encapsulations Table and arrange that the LINKTYPE_USERn/DLT_USERn value you used be dissected by your dissector.The second of those is simpler, but doesn't guarantee that other users won't use the same LINKTYPE_USERn LINKTYPE_USERn value for a different type of link-layer header.