Hi,
Why not go for these:
/* Reserved for private use. */
{ 147, WTAP_ENCAP_USER0 },
{ 148, WTAP_ENCAP_USER1 },
{ 149, WTAP_ENCAP_USER2 },
{ 150, WTAP_ENCAP_USER3 },
{ 151, WTAP_ENCAP_USER4 },
{ 152, WTAP_ENCAP_USER5 },
{ 153, WTAP_ENCAP_USER6 },
{ 154, WTAP_ENCAP_USER7 },
{ 155, WTAP_ENCAP_USER8 },
{ 156, WTAP_ENCAP_USER9 },
{ 157, WTAP_ENCAP_USER10 },
{ 158, WTAP_ENCAP_USER11 },
{ 159, WTAP_ENCAP_USER12 },
{ 160, WTAP_ENCAP_USER13 },
{ 161, WTAP_ENCAP_USER14 },
{ 162, WTAP_ENCAP_USER15 },
This is what they are there for, as far as I understand.
Thanx,
Jaap
Gil Berglass wrote:
> I have software-generated capture files of variable-length packets (my
> own, experimental, protocol) preceded by standard pcap headers. All of
> the header fields are correct. I will never have to process live data.
> There can never be anything unexpected in the file--really! In any
> case, what I build will never reach "the real world." The value I put in
> the network field of the pcap header is not used--not even close--in the
> current libpcap source. I'll be running Wireshark on a Linux (Red Hat,
> 64-bit) server. I am building a dissector plugin for these packets,
> which will be a big job.
>
> What I'm hoping to hear is that I don't have to deal with libpcap--even
> that I can use a standard Linux Wireshark binary and attach my plugin
> (if I can figure out how) and all this just works. If something else is
> needed I'm willing to patch the Wireshark source and recompile it. Can
> someone give me an idea what file(s) might need to be patched?
>
> Much thanks.
>
> Gil Berglass
> [EMAIL PROTECTED]
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
