asked 06 Oct '17, 12:18
edited 06 Oct '17, 18:57
DLT 162 is USER_15; that is what the file says. That is one step: now Wireshark knows what it is, a user-defined encapsulation. What it doesn't know is how to dissect that, because it doesn't know about this user-defined encapsulation unless you tell it.
That is where the DLT_USER protocol preference comes in. If you look that up in the Wireshark preferences you'll see that you can edit the Encapsulation table. This table lets you define how to dissect user encapsulations.
It starts off with the DLT you use, then the protocol the data should be dissected as.
If your protocol data is wrapped inside a header and/or trailer, these can be dissected as well, but these are a bit more exotic situations.
answered 07 Oct '17, 00:56
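As an added example (not part of the answer above), this Python sketch reads the link-layer type from a classic pcap global header, maps it to its user-defined encapsulation name, and builds the matching Encapsulation table row. The payload protocol `ip` and the sample header bytes are assumptions constructed for illustration; the row layout is the one Wireshark stores in its `user_dlts` table.

```python
import struct

# DLT_USER0..DLT_USER15 occupy link-layer type values 147..162.
USER_DLT_FIRST, USER_DLT_LAST = 147, 162

# Magic number as read big-endian from the file -> byte order of the header.
MAGICS = {
    0xA1B2C3D4: ">", 0xD4C3B2A1: "<",   # microsecond timestamps
    0xA1B23C4D: ">", 0x4D3CB2A1: "<",   # nanosecond timestamps
}

def pcap_linktype(data: bytes) -> int:
    """Return the link-layer type from a classic pcap global header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    (magic,) = struct.unpack(">I", data[:4])
    order = MAGICS.get(magic)
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    (network,) = struct.unpack(order + "I", data[20:24])
    return network & 0xFFFF  # upper bits may carry FCS information

def user_dlt_name(linktype: int):
    """Name Wireshark shows for a user DLT, or None for any other type."""
    if USER_DLT_FIRST <= linktype <= USER_DLT_LAST:
        return f"User {linktype - USER_DLT_FIRST} (DLT={linktype})"
    return None

def user_dlts_row(linktype, payload_proto, header_size=0, header_proto="",
                  trailer_size=0, trailer_proto=""):
    """Build one Encapsulation table row: DLT, payload, header, trailer."""
    name = user_dlt_name(linktype)
    if name is None:
        raise ValueError(f"link type {linktype} is not a user DLT")
    fields = [name, payload_proto, str(header_size), header_proto,
              str(trailer_size), trailer_proto]
    return ",".join(f'"{f}"' for f in fields)

# Constructed sample: little-endian pcap 2.4 header, snaplen 65535, DLT 162.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 162)

if __name__ == "__main__":
    lt = pcap_linktype(SAMPLE)
    print(lt, user_dlt_name(lt))
    print(user_dlts_row(lt, "ip"))  # "ip" is an assumed payload protocol
```

The printed row can be pasted into the profile's `user_dlts` file or entered field by field in the Encapsulation table dialog.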