Wireshark · Wireshark-users: Re: [Wireshark-users] Setting up a display offset

Wireshark-users: Re: [Wireshark-users] Setting up a display offset

From: "Bill Halvorsen \(bhalvors\)" <bhalvors@xxxxxxxxx>

Date: Wed, 25 Jul 2007 17:15:20 -0400

Can anyone follow up with me on this, is there a way to force a offset
so wireshark will start decoing 56 bytes inside the frame and assume it
to be a protocol like IP.

Thanks

Bill

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Bill
Halvorsen (bhalvors)
Sent: Tuesday, July 24, 2007 12:59 PM
To: Community support list for Wireshark; frnkblk@xxxxxxxxx
Subject: Re: [Wireshark-users] Setting up a display offset

I agree, I think the sniffer pro force protocol is a handy feature that
should be easily introduced into this platform.

Where you say I want to ignore these number of bytes and then assume x
protocol starts.

In my example, I need to ignore 56 bytes from the beginning of the frame
and starting at byte 57 assume its IP header.

I am not a coder so I don't know how hard it would be to impliment any
of these features, but if some has something I would be glad to test :) 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Tuesday, July 24, 2007 12:36 PM
To: frnkblk@xxxxxxxxx; Community support list for Wireshark
Subject: Re: [Wireshark-users] Setting up a display offset

Frank Bulk wrote:
> It would be good for the community if this particular case was
tackled.  
> More generically, I've seen a few requests about decoding captures 
> that have specific offsets, perhaps this something that needs to be
tackled, too.

Captures probably don't really have specific "offsets"; what they have
is a protocol whose headers are a specific *size*.  Luis's example uses
a dissector, written in Lua, that "dissects" the headers without looking
at them.

So what's really wanted is, I think, a way to make it easier to add
dissectors.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Follow-Ups:
- Re: [Wireshark-users] Setting up a display offset
  - From: Small, James

References:
- [Wireshark-users] Setting up a display offset
  - From: Bill Halvorsen (bhalvors)
- Re: [Wireshark-users] Setting up a display offset
  - From: Frank Bulk
- Re: [Wireshark-users] Setting up a display offset
  - From: Guy Harris
- Re: [Wireshark-users] Setting up a display offset
  - From: Bill Halvorsen (bhalvors)

Prev by Date: Re: [Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark can read
Next by Date: Re: [Wireshark-users] Low Level Ethernet Debugging
Previous by thread: Re: [Wireshark-users] Setting up a display offset
Next by thread: Re: [Wireshark-users] Setting up a display offset
Index(es):
- Date
- Thread