Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: [Wireshark-dev] Re : Ethernet trailer

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: yvanmmailbox-web@xxxxxxxx
Date: Wed, 6 May 2009 06:53:18 +0000 (GMT)

Actually, I have "Ethernet type II style frames", but if I disable my plugin, I can see that ETH dissector find a trailer, without having a length in type/length field. Moreover, I know that in my frames, the padding is added by the ethernet layer, so I should dissect the trailer at the ethernet level.

I saw ETH dissector uses a pseudo header with FCS length, but I can't reuse this value in my heuristic dissector (because not defined when heuristic dissector list is called) and I don't know how to do it without this value...

Thanks for your help

Yvan

De : Richard Brodie <leogah@xxxxxxxxxxx>
À : wireshark-dev@xxxxxxxxxxxxx
Envoyé le : Mercredi, 6 Mai 2009, 1h08mn 41s
Objet : Re: [Wireshark-dev] Ethernet trailer

> Moreover, I don't understand how ethernet dissector can find if there
is padding or not.

You can only do this with '802.3' style frames where the type/length
field contains a length.
In the typical case, where the type/length field identifies a type, it's
all passed up to the next
layer which will have to work it out for itself.

Richard Brodie..
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

  • References:
    • Re: [Wireshark-dev] Ethernet trailer
      • From: Richard Brodie
  • Prev by Date: Re: [Wireshark-dev] Getting wireless GUI to work on Linux
  • Next by Date: [Wireshark-dev] Add restrictions to arguments of dumpcap
  • Previous by thread: Re: [Wireshark-dev] Ethernet trailer
  • Next by thread: [Wireshark-dev] Re new plug-in dissector - no packets, , displayed when dissector specific filter applied
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation