Hello again, and thank you for the quick response!
This looks like a solution, yes. There seems to be no http traffic
over my network right now (except mine), but it looks like the
solution for the problem. I have seen the DLT_USER before, but I
thought the header_size was supposed to be the length of the
BTW, it seems there is a bug in Windows version, the payload_header
gets overwritten by random data. It's 1800 in the capture I attached,
but sometimes it will be just random symbols, which seem to come from
the capture data. Looks like an array out of bounds somewhere.. It is
not a big problem, as it doesn't happen each time.
Thank you very much for the help, I'm going out of town now, but I'll
mail back if this works!
Siterer Sake Blok <[email protected]>:
Anyone have tips on how you loose a few bytes? I get 12 bytes between
the Ethernet header and IP header. This means that wireshark does not
recognize the IP header as, and I can't use any of the wireshark's
Anyone know how to get rid of those bytes, or perhaps what they are?
I have no idea at this point in time on what they are, but James Small
has a good procedure on how to "get rid of the extra bytes". Have a look
at his mail:
Hope this helps, Cheers,
Wireshark-users mailing list