Wireshark · Wireshark-dev: [Wireshark-dev] Dissect packet without Ethernet data

Wireshark-dev: [Wireshark-dev] Dissect packet without Ethernet data

From: Hoang Thang <ngohoangthang@xxxxxxxxx>

Date: Wed, 30 Mar 2011 18:11:34 +0700

Hi all bros,
I have 2 pcap files, each of them contains one packet only.
1) Layers: Ethernet II -> IP -> TCP -> HTP
2) Layers: IP -> TCP -> HTP. This pcap file is extract from (1), that mean "Ethernet II" is deleted with HEX edit.... And changing size field in pcap header also.

Problem: I want to open the second file with Wireshark.

Please help me how to modify Wireshark code to dissect (2) correctly. How many step to register IP layer as root layer ?

Thank you very much,

--
Ngo Hoang Thang
--------------------------
MSN : thang@xxxxxxxx

Follow-Ups:
- Re: [Wireshark-dev] Dissect packet without Ethernet data
  - From: Jeff Morriss
- Re: [Wireshark-dev] Dissect packet without Ethernet data
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] tvb_composite
Next by Date: Re: [Wireshark-dev] Dissect packet without Ethernet data
Previous by thread: Re: [Wireshark-dev] Segmentation fault with SVN revision 36377 when configuring a specific DLT_USER
Next by thread: Re: [Wireshark-dev] Dissect packet without Ethernet data
Index(es):
- Date
- Thread