Hello all,

I'm interested in translating USB capture files from Total Phase Beagle USB analyzers into something Wireshark will display. The Beagle comes with a GUI for displaying traffic, but Wireshark would be cool because it could dissect what's going on inside the USB traffic (e.g., SCSI, PPP, etc.).

My initial plan is just to write a translator for .bgl to .pcap, but I need to figure out which dissector to target when I'm writing packet entries in .pcap. Maybe later I can write a capture plugin so Wireshark can drive the Beagle directly.

It looks like my current choices of dissectors are USB Raw (DLT 186) or USB with Linux encapsulation (DLT 189). The Linux encapsulation appears to be the one with the best existing support, as the USB raw displays don't show a heck of a lot other than the data, and my poking around on the web suggests that DLT 189 was an early version. The Linux encapsulation displays are better, but they are definitely oriented around displaying what is happening in the USB driver stack (what with the request/response stuff) as opposed to what a bus analyzer shows, which is more like the straightforward traffic that Wireshark's Ethernet displays show (timestamp:data).

Ideally what I want is to show plain old USB traffic just like Ethernet, either with literal packet display (e.g., an IN packet on one line, then a DATA0 packet with a payload on the next, then an ACK or NAK packet on the next) or maybe with transaction display (with IN/DATA0/ACK all on the same line).

So, I finally get around to my questions:

1. Is DLT 189 a development dead end?
2. Was DLT 189 also oriented around submit/response, or was it more suitable to what I'd like to do?
3. Should I just reserve a new DLT number and make a new dissector?

Regards,
--Gordon

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev