When using a custom DLT_USER with "mime_multipart" it shows: dissector not found
That's because Wireshark didn't find a dissector named "mime_multipart".
It failed to find it because there is no dissector in Wireshark 3.6.x or 4.0.x named "mime_multipart".
There is a dissector for multipart/ media types, but, in all current Wireshark releases, it has no name, so the only way it gets called is if there's data that's identified by some other protocol in the packet as having a media type of multipart/<something>; there's no way to explicitly say "hand this to the multipart/ media type dissector".
The only ways to do that would either be to 1) wait for Wireshark 4.2, in which that dissector has a name ("mime_multipart"), or 2) use a "bleeding edge" Wireshark build from the "automated builds" area, where there are source code trees under "src" (which you will have to build yourself) and 32-bit Windows, 64-bit Windows, and macOS x86-64 and ARM64 builds under "win32", "win64", and "osx", respectively.
If you go with 2), you're living on the bleeding edge, so you may get buggier behavior than with an official release.
What does "custom PCAPNG EPB structure"? The only things that can be customized in a pcapng Enhanced Packet Block are 1) you can add custom options or 2) add a local-use option (one with the uppermost bit set in the option type). You can't change the fixed portion of the EPB.
That's not "a custom PCAPNG EPB structure", that's a custom link-layer type, which can be used with pcap or pcapng files. Is that what you mean - you are using a
DLT_USERvalue (or, rather, aLINKTYPE_USERvalue) in the Interface Description Block for the interface on which the EPB arrived?Yes, I meant to say, that the link-layer type is a custom value (DLT_USER). The EPB structure is fixed of course.