Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethernet II Trailer identification

[Guy Harris <guy@xxxxxxxxxxxx>]

Eduardo Escudero Sánchez wrote:
> How can ethereal determine the size of the trailer based on the size of 
> rest of the frame? In the data part of the frame there could be a lot of 
> different protocol-dependent data.

The Ethernet dissector relies on the dissector that it calls to set the 
actual length of the tvbuff it handed to that dissector to the actual 
length.  The IPv4 dissector, for example, sets it based on the total 
length in the IPv4 header.

> What im doing now is analize the data 
> inside the ethernet II frame and seeing if there is more data than the 
> upper protocol expects.

That is, in effect, what Ethereal does.

> But 
> this is not a very efficient approach because if i want to stay 
> independent of upper protocols it means that if i want to analize a MAC 
> level frame i have to step onto uppper levels to achieve it. That means 
> too that i must have implememnted frame analizers for all the upper 
> protocols in order to ask any of them what is the length of their data 
> to obtain the real length of the ethernet II data.

There is no alternative to that.  The payload length of a protocol 
encapsulated with an Ethernet type field is defined by the protocol, so 
the only way to find out what that length is would be to have code that 
understands enough of that protocol to determine the payload length.
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev