Wireshark · Ethereal-dev: [ethereal-dev] Null headers and decoding data from an arbitrary position in packet

Ethereal-dev: [ethereal-dev] Null headers and decoding data from an arbitrary position in pac

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>

Date: Fri, 03 Dec 1999 01:34:37 +1000

Hi,

I am interested in adding another feature to Ethereal. I have seen a
capture file that seems to be from a Cisco to Cisco sync link, where each
frame had 0xFF000800 on the front.  

It was clear that the packets were IP; they started with 0x45.

Ethereal does not understand such packets, so I wanted to add the following
sort of thing:

  -N offset val

Which specifies that the capture file actually has a NULL header of the
specified value at offset <offset>. Val is a short and the following bytes
are to be treated as nn Ethertype ...

I think I know how to hack this in, but am wondering what others think.


Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

Follow-Ups:
- Re: [ethereal-dev] Null headers and decoding data from an arbitrary position in packet
  - From: Guy Harris

Prev by Date: [ethereal-dev] Other utilities with Ethereal ...
Next by Date: [ethereal-dev] Null capture type ...
Previous by thread: [ethereal-dev] Other utilities with Ethereal ...
Next by thread: Re: [ethereal-dev] Null headers and decoding data from an arbitrary position in packet
Index(es):
- Date
- Thread