This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Writing Link Layer dissector

I want to write my own LINK_LAYER dissector, which using DLT_USER13. I tried to use function void dissector_add_for_decode_as(const char *name, dissector_handle_t handle); but i can't understand the value of name for link_layer protocol.

link_layer dlt_user

asked 07 Jul '17, 06:32

Nomad
6●1●2●2
accept rate: 0%

edited 08 Jul '17, 14:20

Lekensteyn
2.2k●3●7●24

One Answer:

The "name" is the name of the dissector table; for a pcap/pcapng link layer, the name would be "wtap.encap".

Alternatively, you can make sure your dissector has a name, and edit the "Encapsulations Table" list for the preferences for the "DLT_USER" protocol, and put in an entry with "User 13" as the DLT, your protocol as the "Payload protocol", and 0 as the header and trailer lengths.

answered 11 Jul '17, 19:16

Guy Harris ♦♦
17.4k●3●35●196
accept rate: 19%

edited 11 Jul '17, 22:46

sindy
6.0k●4●8●51