
Catapult DCT2000 .out file packet header

This protocol / header format consists of some information associated with a packet read from a Catapult DCT2000 .out file. The fields that comprise this protocol (protocol, variant, context, direction, original timing information) should be useful for filtering, and also make it easy to correlate entries in the Wireshark packet list with the DCT2000 decodes.

Wireshark

The DCT2000 dissector shows the fields of this protocol before handing off to the appropriate link-type dissector (ip, ethernet, atm, sscop, lapd, ppp, frame relay or mtp2). Support for this file format/protocol first appeared in version 0.99.1pre1.

Preference Settings

* Only show known 'board-port' protocols. Default OFF (i.e. show all messages)
* Use IP Prim heuristic. For messages that appear to be protocol payloads sent to/from the UDP/TCP state machine, attempt to dissect the payload if a Wireshark dissector is found using the DCT2000 protocol name. Default ON

.out files can contain non-standard messages sent between contexts running on the same card, so by setting "Only show known 'board-port' protocols" to ON, you can tell the wiretap module not to load these messages. When creating .out files for use by Wireshark you should obviously turn on logging for board ports.

Example capture file

Here is a short example file of this format that has examples of packets using most supported link types.

Display Filter

A complete list of DCT2000 display filter fields can be found in the [http://www.wireshark.org/docs/dfref/d/dct2000.html display filter reference] (NOTE: this page will hopefully be generated after the next release)

(Note that a capture file will either all be DCT2000 packets, or none at all, so the above filter is not very useful)

Capture Filter

There is no way to capture DCT2000 packets directly; they will only be seen by opening DCT2000 .out files.

Discussion