wireshark-dev August 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: Re: [Wireshark-dev] data link type option in wire

Re: [Wireshark-dev] data link type option in wireshark

From: Guy Harris <guy_at_nospam>
Date: Wed Aug 18 2010 - 06:53:58 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

On Aug 17, 2010, at 11:28 PM, upendra.allu@wipro.com wrote:

> I have a query on data link type option in Wireshark.
> While decoding packets in Wireshark, we have an option to select the data link type (ex. Ethernet) for decoding the plug-ins.

To what option are you referring? The "Decode As" option from the "Analyze" menu, which lets you select, for a given Ethernet type, a protocol (regardless of whether the protocol's dissector is a plugin or a built-in) to use as the protocol for that Ethernet type?

> Now my question is, is it possible to decode the protocols directly without data link?

If you mean "I have a plugin for Ethernet type XXXX, can I make it the official protocol for Ethernet type XXXX, so that I don't have to use 'Decode As' to make Wireshark dissect packets of Ethernet type XXXX with my plugin", the answer is "yes" - you just have to have the handoff-registration routine in your plugin do

        dissector_add("ethertype", XXXX, my_dissector_handle);

XXXX here would probably be a hex number, for example 0x8048 if the Ethernet type for your protocol is hex 8048.

(If that's not what you mean, you'll have to explain what you mean.)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe