On Mar 13, 2007, at 10:12 PM, Small, James wrote:
Guy, that sounds like an excellent idea. Would you like me to file
the
request?
Yes, please do. (It is, of course, not a quick project.)
___
Wireshark-users mailing list
Hi Doug,
That sounds pretty sweet. I tried to follow the steps and I think I'm
close. I use bittwiste to change the Data Link Type:
bittwiste -I one.cap -O two.cap -M 147
I load the libpcap file in Wireshark 0.99.5.
Under the Info column I now see: WTAP_ENCAP = 45, so I think so far so
good.
Maybe try ip instead of IP.
On Wed, 14 Mar 2007 20:46:24 -0400, Small, James [EMAIL PROTECTED]
said:
Hi Doug,
That sounds pretty sweet. I tried to follow the steps and I think I'm
close. I use bittwiste to change the Data Link Type:
bittwiste -I one.cap -O two.cap -M 147
I load the
Yes--that's it!
Thanks Hans.
That definitely works and is easier than cutting the header out. Never
the less, I really like Guy's idea as that would still let me see the
Ethernet header too.
Thanks for everyone's help on this,
--Jim
-Original Message-
Maybe try ip instead of IP.
Anyway, could be a useful Wireshark feature - if you agree let me
know
and I'll put it on the wish list.
What would be nice would be a language to describe a packet format and
an interpreter for the language, so that a non-programmer could add a
dissector for simpler protocols. Even if
