I have proprietary trace points throughout my code that are captured to a file. I'd like to build a Wireshark dissector to decode these traces. I worry that these traces are not wire packets. They contain an id, timestamp, size and then some additional bytes in a binary stream format. I currently have created a crude decoder for these traces but I'd rather use Wireshark and some of its features. Does this seem like a good idea or is Wireshark better suited for wire packets?

asked 11 Oct '10, 13:35

cliffconklin

edited 29 Feb '12, 19:15

cmaynard ♦♦

Any 'framed' transport can be processed in a dissector. That's how 'wire' protocols work, but also 'streaming media', like MPEG and even JPEG files work. Wireshark contains dissectors for all these.

What you can do is write out PCAP format files (see Wiki pcap page) with one of the USER Data Link Types and create a dissector for that DLT.

answered 11 Oct '10, 14:38

Jaap ♦
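
The approach in the answer above, as an added example that is not part of the original thread: a converter that wraps each trace record in a pcap packet with link type USER0 (147). The record layout (little-endian u32 id, u64 timestamp in microseconds, u16 size, then `size` payload bytes), the sample data and the output file name are assumptions made for illustration.

```python
import io
import struct

LINKTYPE_USER0 = 147                     # first of the USER link types (147-162)
REC_HDR = struct.Struct("<IQH")          # assumed layout: id, timestamp_us, size
PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, network
PCAP_PKT = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len
SNAPLEN = 65535

def parse_traces(blob):
    """Yield (trace_id, ts_us, payload); raise ValueError on a short record."""
    off = 0
    while off < len(blob):
        if len(blob) - off < REC_HDR.size:
            raise ValueError(f"truncated record header at offset {off}")
        trace_id, ts_us, size = REC_HDR.unpack_from(blob, off)
        off += REC_HDR.size
        # Never trust the size field: check it against the bytes that remain.
        if size > len(blob) - off:
            raise ValueError(f"record {trace_id:#x} claims {size} bytes, "
                             f"only {len(blob) - off} left")
        yield trace_id, ts_us, blob[off:off + size]
        off += size

def traces_to_pcap(blob):
    """Return the bytes of a classic pcap file holding one packet per record."""
    out = io.BytesIO()
    out.write(PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, SNAPLEN, LINKTYPE_USER0))
    for trace_id, ts_us, payload in parse_traces(blob):
        # Keep the id in the frame so the dissector can dispatch on it.
        frame = struct.pack("<I", trace_id) + payload
        out.write(PCAP_PKT.pack(ts_us // 1_000_000, ts_us % 1_000_000,
                                len(frame), len(frame)))
        out.write(frame)
    return out.getvalue()

# Constructed sample: two records, the second with an empty payload.
SAMPLE = (REC_HDR.pack(0x10, 1_286_804_100_000_250, 3) + b"abc"
          + REC_HDR.pack(0x11, 1_286_804_101_500_000, 0))

if __name__ == "__main__":
    with open("traces.pcap", "wb") as fh:   # hypothetical output name
        fh.write(traces_to_pcap(SAMPLE))
```

In Wireshark, the DLT_USER protocol preferences hold the table that maps User 0 (DLT=147) to the dissector that should decode these frames.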