Yes, you could treat any arbitrary piece of data as "packet" data and have a dissector put it into the wireshark GUI.
Where the fake protocol should go in the protocol stack is entirely up to you. You could make it a "link layer", and have wiretap understand it as its own special file format, and to pass it as a new link layer to wireshark. Or, as you suggset, you could put some fake headers before the data and have wireshark pass it as a regular pcap file. In either case, you will need to write a new dissector to handle your fake protocol. --gilbert On 8/1/06, Priyanka Kamath <[EMAIL PROTECTED]> wrote: > > Hi All, > > I am planning to display a text file which contains some relevant > information in the Wireshark GUI. > My text file contains parameters as below: > > Mobile Number > Source > Destination > Time > Event Type > > I am trying to convert this to the pcap format by adding the pcap headers, > record headers and dummy Ethernet, IP and UDP headers in front of the text > content. Is this possible? > Also, if i write a dissector to read the text fields, will it get displayed > correctly in the GUI? > > Thanks a lot! > > -- > Regards, > Priyanka > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
