This is our old Q&A Site. Please post any new questions and answers at

I have proprietary trace points throughout my code that are captured to a file. I'd like to build a Wireshark dissector to decode these traces. I worry that these traces are not wire packets. They contain an id, timestamp, size and then some additional bytes in a binary stream format. I currently have created a crude decoder for these traces but I'd rather use Wireshark and some of its features. Does this seem like a good idea or is Wireshark better suited for wire packets?

asked 11 Oct '10, 13:35

cliffconklin's gravatar image

accept rate: 0%

edited 29 Feb '12, 19:15

cmaynard's gravatar image

cmaynard ♦♦

Any 'framed' transport can be processed in a dissector. That's how 'wire' protocols work, but also 'streaming media', like MPEG and even JPEG files work. Wireshark contains dissectors for all these.

What you can do is write out PCAP format files (see Wiki pcap page) with one of the USER Data Link Types and create a dissector for that DLT.

permanent link

answered 11 Oct '10, 14:38

Jaap's gravatar image

Jaap ♦
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 11 Oct '10, 13:35

question was seen: 4,653 times

last updated: 29 Feb '12, 19:15

p​o​w​e​r​e​d by O​S​Q​A