Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Interpreting ethernet trailers

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 11 Dec 2007 16:23:00 -0700
On Tue, Dec 11, 2007 at 01:09:21PM -0800, Benn Bollay wrote:

> I'm trying to write a dissector for ethernet trailers.  It seems like
> the ideal way would be to hook the existing ethernet dissector and
> have it call my dissector, however I can't figure out any way of doing
> this on the existence of the trailer that doesn't require manipulating
> packet-eth.c (I was hoping for a plugin).  I was looking at doing this
> as a postdissector, but then I would have to parse the relevent
> headers to determine where the end of the "proper" packet lay, which
> seemed like a lot of unnecessary duplicate work.

The Ethernet dissector already handles the display of Ethernet trailers
when it can guess that they are present based on comparing the size of
the packet to the minimum packet size of Ethernet.  The current
functionality highlights the trailer bytes when selecting the Ethernet
dissector and displays them under the Ethernet dissector's tree.  Is
there something more you're looking to do?


Steve