Wireshark · Wireshark-users: [Wireshark-users] Question on Decoding packet with inserted proprietary header

Wireshark-users: [Wireshark-users] Question on Decoding packet with inserted proprietary header

From: "Small, James" <JSmall@xxxxxxxxxxxx>

Date: Tue, 13 Mar 2007 14:12:51 -0400

Hello,

I am dealing with packets that are modified by a vendor device.  The
packets are standard Ethernet frames with IP.  Once the frames/packets
traverse the Vendor device, a new proprietary header is inserted between
the Ethernet header and the IP header.

So, in a standard IP/Ethernet packet, my IP offset is 0x08.
In the modified IP/Ethernet packet, my IP offset is 0x30.

The modified IP/Ethernet packet looks like this:
Ethernet Header
Proprietary Header - 34 bytes
IP Header and the rest of the packet

Using Wireshark, is there a way to start the IP decode at a/the
specified offset?


In this case I don't really need to decode the vendor header, I just
need to see the IP header and after.

Any feedback greatly appreciated!

Thanks,
  --Jim

Follow-Ups:
- Re: [Wireshark-users] Question on Decoding packet with insertedproprietary header
  - From: Anders Broman
- Re: [Wireshark-users] Question on Decoding packet with inserted proprietary header
  - From: Stephen Fisher

Prev by Date: [Wireshark-users] Install / Uninstall
Next by Date: Re: [Wireshark-users] Install / Uninstall
Previous by thread: Re: [Wireshark-users] Sniffing across 2 network types
Next by thread: Re: [Wireshark-users] Question on Decoding packet with insertedproprietary header
Index(es):
- Date
- Thread