Hi, Do the modified packet has it's own Ethertype? If so you could make a dissector for that ethertype that dissects the 34 byte header before passing the tvb to the IP dissector(it doesn't necessarily have to interpret the header). Best regards Anders
-----Ursprungligt meddelande----- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För Small, James Skickat: den 13 mars 2007 19:13 Till: Community support list for Wireshark Ämne: [Wireshark-users] Question on Decoding packet with insertedproprietary header Hello, I am dealing with packets that are modified by a vendor device. The packets are standard Ethernet frames with IP. Once the frames/packets traverse the Vendor device, a new proprietary header is inserted between the Ethernet header and the IP header. So, in a standard IP/Ethernet packet, my IP offset is 0x08. In the modified IP/Ethernet packet, my IP offset is 0x30. The modified IP/Ethernet packet looks like this: Ethernet Header Proprietary Header - 34 bytes IP Header and the rest of the packet Using Wireshark, is there a way to start the IP decode at a/the specified offset? In this case I don't really need to decode the vendor header, I just need to see the IP header and after. Any feedback greatly appreciated! Thanks, --Jim _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
