do
local unk_proto = Proto("unk","Unknown");
unk_proto.fields = { }
local eth_dis = Dissector.get("eth_withoutfcs") -- your next protocol
dissector here
function unk_proto.dissector(tvb,pinfo,tree)
tree:add(unk_proto,buf(0,34)) -- your offset here!
eth_dis:call(tvb(34):tvb(),pinfo,tree)
end
DissectorTable.get("ethertype"):add(0x1234,unk_proto) -- your type here
end
On 7/24/07, Frank Bulk <frnkblk@xxxxxxxxx> wrote:
It would be good for the community if this particular case was tackled.
More generically, I've seen a few requests about decoding captures that have
specific offsets, perhaps this something that needs to be tackled, too.
Regards,
Frank
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
Bill Halvorsen (bhalvors)
Sent: Saturday, July 21, 2007 7:26 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Setting up a display offset
I am using a feature called Cable Intercept on a Cisco CMTS, it packages up
traffic between two endpoints into a udp wrapper and sends it to a machin
where its collected using wireshark,
To view the origianl packet I need to setup an offset of 58 bytes to view
the original IP packet.
How can I do this?
Bill
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
