Wireshark-dev: [Wireshark-dev] Discerning Ethernet 802.3 vs Ethernet II (or TCP/IP)

From: "Pat Kujawa" <pat.kujawa+wireshark@xxxxxxxxxxxx>
Date: Mon, 29 Sep 2008 11:15:12 -0600
We are currently working on a dissector which needs to address two different types of packets. One will be a simple ethernet packet with custom data. The other will be TCP/IP packets. Currently, our dissector (which was originally authored by another engineer) filters on the MAC address to determine whether or not it is one of our packets (this is probably not the best solution, but it was the quickest that the prior developer could come up with - other suggestions welcome). I am trying to find a way to tell whether the packet would have been treated as an ethernet 802.3 packet or an ethernet II packet (or some other TCP/IP identifier) in order to separate dissection of these two cases.

In reading through packet-eth.c, it seems that the ethernet type is being determined by checking a length field, but I don't understand where that field is coming from ("etype = pntohs(&pd[offset+12])"). Any suggestions?

Also, if there is a better way to dissect such that TCP/IP packets are treated differently (e.g. a new dissector) than the ethernet packets, please let me know.
Thanks,
Pat Kujawa
Software Developer
Advanced Electronic Designs
233 Enterprise Blvd, Bozeman, MT 59718
406-585-8892 ext. 18
www.advanced.pro
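
The field the message asks about is the two bytes that follow the destination and source MAC addresses (offsets 12 and 13), read in network byte order: by the IEEE 802.3 convention a value of 1500 or less is a payload length, and a value of 0x0600 or more is an Ethernet II EtherType. The following is an added example, not code from the original post or from Wireshark; the function names, enum and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names below are hypothetical and exist only in this example. */
enum frame_kind { FRAME_TOO_SHORT, FRAME_8023_LENGTH, FRAME_ETHERNET_II, FRAME_UNDEFINED };

#define ETH_HDR_LEN    14      /* dst MAC (6) + src MAC (6) + type/length (2) */
#define IEEE_8023_MAX  1500    /* values up to this are an 802.3 payload length */
#define ETHERTYPE_MIN  0x0600  /* values from 1536 up are an Ethernet II EtherType */
#define ETHERTYPE_IPV4 0x0800

/* Constructed sample frames (locally administered MACs, documentation IPs). */
static const uint8_t frame_custom[] = {            /* 802.3: length = 4 */
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x00,0x04, 0xde,0xad,0xbe,0xef };
static const uint8_t frame_tcp[] = {               /* Ethernet II, IPv4, TCP */
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0,0,0x40,0x00, 0x40,0x06,0,0,
    192,0,2,1, 192,0,2,2 };

/* Classify by the 16-bit big-endian field at offset 12. */
enum frame_kind classify_frame(const uint8_t *pd, size_t len, uint16_t *field)
{
    if (pd == NULL || len < ETH_HDR_LEN) return FRAME_TOO_SHORT;
    uint16_t v = (uint16_t)((pd[12] << 8) | pd[13]);
    if (field) *field = v;
    if (v <= IEEE_8023_MAX) return FRAME_8023_LENGTH;
    if (v >= ETHERTYPE_MIN) return FRAME_ETHERNET_II;
    return FRAME_UNDEFINED;                         /* 1501..1535 */
}

/* Nonzero only for Ethernet II frames carrying IPv4 with protocol 6 (TCP). */
int is_ipv4_tcp(const uint8_t *pd, size_t len)
{
    uint16_t v = 0;
    if (classify_frame(pd, len, &v) != FRAME_ETHERNET_II || v != ETHERTYPE_IPV4) return 0;
    if (len < ETH_HDR_LEN + 20) return 0;           /* minimum IPv4 header */
    const uint8_t *ip = pd + ETH_HDR_LEN;
    return (ip[0] >> 4) == 4 && ip[9] == 6;         /* version 4, protocol TCP */
}

int main(void)
{
    printf("custom: kind=%d tcp=%d\n", classify_frame(frame_custom, sizeof frame_custom, NULL),
           is_ipv4_tcp(frame_custom, sizeof frame_custom));
    printf("tcp:    kind=%d tcp=%d\n", classify_frame(frame_tcp, sizeof frame_tcp, NULL),
           is_ipv4_tcp(frame_tcp, sizeof frame_tcp));
    return 0;
}
```

The length checks come before every read so that a truncated capture is classified as too short instead of being read past its end.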