I have proprietary trace points throughout my code that are captured to a file. I'd like to build a Wireshark dissector to decode these traces. I worry that these traces are not wire packets. They contain an id, timestamp, size and then some additional bytes in a binary stream format. I currently have created a crude decoder for these traces but I'd rather use Wireshark and some of its features. Does this seem like a good idea or is Wireshark better suited for wire packets? asked 11 Oct '10, 13:35 cliffconklin edited 29 Feb '12, 19:15 cmaynard ♦♦ |
One Answer:
Any 'framed' transport can be processed in a dissector. That's how 'wire' protocols work, but also 'streaming media', like MPEG and even JPEG files work. Wireshark contains dissectors for all these. What you can do is write out PCAP format files (see Wiki pcap page) with one of the USER Data Link Types and create a dissector for that DLT. answered 11 Oct '10, 14:38 Jaap ♦ |