I agree, I think the sniffer pro force protocol is a handy feature that
should be easily introduced into this platform.
Where you say I want to ignore these number of bytes and then assume x
protocol starts.
In my example, I need to ignore 56 bytes from the beginning of the frame
and starting at byte 57 assume its IP header.
I am not a coder so I don't know how hard it would be to impliment any
of these features, but if some has something I would be glad to test :)
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Tuesday, July 24, 2007 12:36 PM
To: frnkblk@xxxxxxxxx; Community support list for Wireshark
Subject: Re: [Wireshark-users] Setting up a display offset
Frank Bulk wrote:
> It would be good for the community if this particular case was
tackled.
> More generically, I've seen a few requests about decoding captures
> that have specific offsets, perhaps this something that needs to be
tackled, too.
Captures probably don't really have specific "offsets"; what they have
is a protocol whose headers are a specific *size*. Luis's example uses
a dissector, written in Lua, that "dissects" the headers without looking
at them.
So what's really wanted is, I think, a way to make it easier to add
dissectors.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
