Wireshark-users: [Wireshark-users] Stripping DOCSIS stuff out
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Wed, 9 Aug 2006 17:30:54 -0500
I'm using the Sigtek ST-261B to capture some PacketCable VoIP traffic, and I
would really like to use a protocol analyzer other than Ethereal.  There are
others that can import libpcap files, but they don't understand the DOCSIS
stuff.

Is there a way I can strip the DOCSIS layer out so that the file becomes
acceptable?

I would like to convert this:
=====================================
Frame 60218 (224 bytes on wire, 224 bytes captured)
    Arrival Time: Aug  9, 2006 11:43:36.437466000
    Time delta from previous packet: 0.049185000 seconds
    Time since reference or first frame: 174.437466000 seconds
    Frame Number: 60218
    Packet Length: 224 bytes
    Capture Length: 224 bytes
    Frame is marked: False
    Protocols in frame: docsis:eth:ip:udp:rtp
    Coloring Rule Name: UDP
    Coloring Rule String: udp
DOCSIS
    00.. .... = FCType: Packet PDU (0x00)
    ..00 000. = FCParm: 0
    .... ...0 = EHDRON: Extended Header Absent
    MacParm: 0x00
    Length after HCS (bytes): 218
    Header check sequence: 0x0985
Ethernet II, Src: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00), Dst:
ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Destination: ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Source: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00)
    Type: IP (0x0800)
    Trailer: 3D86060A
Internet Protocol, Src: 199.120.69.31 (199.120.69.31), Dst: 10.10.1.1
(10.10.1.1)
User Datagram Protocol, Src Port: 7020 (7020), Dst Port: 57850 (57850)
Real-Time Transport Protocol
=====================================
to this:
=====================================
Frame 60218 (224 bytes on wire, 224 bytes captured)
    Arrival Time: Aug  9, 2006 11:43:36.437466000
    Time delta from previous packet: 0.049185000 seconds
    Time since reference or first frame: 174.437466000 seconds
    Frame Number: 60218
    Packet Length: 224 bytes
    Capture Length: 224 bytes
    Frame is marked: False
    Protocols in frame: eth:ip:udp:rtp
    Coloring Rule Name: UDP
    Coloring Rule String: udp
Ethernet II, Src: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00), Dst:
ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Destination: ArrisInt_92:fc:bc (00:13:11:92:fc:bc)
    Source: Riverdel_c7:f3:00 (00:30:b8:c7:f3:00)
    Type: IP (0x0800)
    Trailer: 3D86060A
Internet Protocol, Src: 199.120.69.31 (199.120.69.31), Dst: 10.10.1.1
(10.10.1.1)
User Datagram Protocol, Src Port: 7020 (7020), Dst Port: 57850 (57850)
Real-Time Transport Protocol 
=====================================