Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: [Wireshark-users] Stripping DOCSIS stuff out

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Wed, 9 Aug 2006 17:30:54 -0500

I'm using the Sigtek ST-261B to capture some PacketCable VoIP traffic, and I
would really like to use a protocol analyzer other than Ethereal.  There are
others that can import libpcap files, but they don't understand the DOCSIS
stuff.

Is there a way I can strip the DOCSIS layer out so that the file becomes
acceptable?

I would like to convert this:
=====================================
Frame 60218 (224 bytes on wire, 224 bytes captured)
    Arrival Time: Aug  9, 2006 11:43:36.437466000
    Time delta from previous packet: 0.049185000 seconds
    Time since reference or first frame: 174.437466000 seconds
    Frame Number: 60218
    Packet Length: 224 bytes
    Capture Length: 224 bytes
    Frame is marked: False
    Protocols in frame: docsis:eth:ip:udp:rtp
    Coloring Rule Name: UDP
    Coloring Rule String: udp
DOCSIS
    00.. .... = FCType: Packet PDU (0x00)
    ..00 000. = FCParm: 0
    .... ...0 = EHDRON: Extended Header Absent
    MacParm: 0x00
    Length after HCS (bytes): 218
    Header check sequence: 0x0985
Ethernet II, Src: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00), Dst:
ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Destination: ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Source: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00)
    Type: IP (0x0800)
    Trailer: 3D86060A
Internet Protocol, Src: 199.120.69.31 (199.120.69.31), Dst: 10.10.1.1
(10.10.1.1)
User Datagram Protocol, Src Port: 7020 (7020), Dst Port: 57850 (57850)
Real-Time Transport Protocol
=====================================
to this:
=====================================
Frame 60218 (224 bytes on wire, 224 bytes captured)
    Arrival Time: Aug  9, 2006 11:43:36.437466000
    Time delta from previous packet: 0.049185000 seconds
    Time since reference or first frame: 174.437466000 seconds
    Frame Number: 60218
    Packet Length: 224 bytes
    Capture Length: 224 bytes
    Frame is marked: False
    Protocols in frame: eth:ip:udp:rtp
    Coloring Rule Name: UDP
    Coloring Rule String: udp
Ethernet II, Src: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00), Dst:
ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Destination: ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Source: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00)
    Type: IP (0x0800)
    Trailer: 3D86060A
Internet Protocol, Src: 199.120.69.31 (199.120.69.31), Dst: 10.10.1.1
(10.10.1.1)
User Datagram Protocol, Src Port: 7020 (7020), Dst Port: 57850 (57850)
Real-Time Transport Protocol 
=====================================

Follow-Ups:
- Re: [Wireshark-users] Stripping DOCSIS stuff out
  - From: Guy Harris
- Re: [Wireshark-users] Stripping DOCSIS stuff out
  - From: Joerg Mayer

Prev by Date: Re: [Wireshark-users] stack mms/COTP/CLNP
Next by Date: Re: [Wireshark-users] Stripping DOCSIS stuff out
Previous by thread: [Wireshark-users] SNMP in Wireshark 0.99.2
Next by thread: Re: [Wireshark-users] Stripping DOCSIS stuff out
Index(es):
- Date
- Thread