Hi List!
Having some hard times to handle Frame Check Sequence (FCS) in Ethernet Frames.
In the protocol PN-RT (directly on top of Ethernet), the last four user bytes contains some protocol status values. There's no length field to indicate at which offset the status is, so I'll have to take the end of the tvb and subtracting the status field length.
As I got some capture files made by EtherPeek, these files contain an empty fcs field (with the length indicated with pseudo_header->eth.fcs_len from wiretap). If the field "pseudo_header->eth.fcs_len" is valid (not -1) I'm subtracting this length too, to get the correct offset, still works ok.
Now we have some EtherPeek capture files, which needs to be merged using a script before loading into Ethereal.
As we cannot write to the EtherPeek format (write of this format is not supported), first converting to libpcap format and then merging these files together.
Unfortunately, converting to libpcap format will remove the fcs_len information, resulting in a wrong offset while dissecting the PN-RT status field.
Which is the right way to fix this? Changing the dissector somehow (but I don't know how), or removing the 4 byte FCS from lipbcap output?
Regards, ULFL
__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!
Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131
