So far, we need to use GUI to properly register a new custom dissector (DLT_USER table in Edit->Preferences).
Instead of this, which files should I modify to make the same done without GUI? I've found dlt_users file in .../AppData/Roaming/Wireshark directory. However this is not the only place I should update because Wireshark doesn't use new dissector anyway.
The correct name of the file is user_dlts, not dlt_users. I'm not sure if that's what you meant to write? This file is applicable per-profile though, so if you're running Wireshark using a different profile other than the Default profile, you'll have to update the per-profile file as well.
You could also launch Wireshark using the -o "uat:user_dlts:..." option, which should then work regardless of the profile. The Wireshark man page provides the following example:
If prefname is "uat", you can override settings in various user access tables using the form uat:uat filename:uat record. uat filename must be the name of a UAT file, e.g. userdlts. uatrecord must be in the form of a valid record for that file, including quotes. For instance, to specify a user DLT from the command line, you would use
-o "uat:user_dlts:\"User 0 (DLT=147)\",\"cops\",\"0\",\"\",\"0\",\"\""
Asked: 2017-12-20 23:00:45 +0000
Seen: 376 times
Last updated: Dec 21 '17
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.