do
local unk_proto = Proto("unk","Unknown");
unk_proto.fields = { }
local eth_dis = Dissector.get("eth_withoutfcs") -- your next protocol
dissector here
function unk_proto.dissector(tvb,pinfo,tree)
tree:add(unk_proto,buf(0,34)) -- your offset here!
eth_dis:call(tvb(34):tvb(),pinfo,tree)
end
DissectorTable.get("ethertype"):add(0x1234,unk_proto) -- your type here
end
On 7/24/07, Frank Bulk <[EMAIL PROTECTED]> wrote:
>
>
>
>
> It would be good for the community if this particular case was tackled.
> More generically, I've seen a few requests about decoding captures that have
> specific offsets, perhaps this something that needs to be tackled, too.
>
>
>
> Regards,
>
>
>
> Frank
>
>
>
>
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Bill Halvorsen (bhalvors)
> Sent: Saturday, July 21, 2007 7:26 AM
> To: wireshark-users@wireshark.org
> Subject: [Wireshark-users] Setting up a display offset
>
>
>
>
>
> I am using a feature called Cable Intercept on a Cisco CMTS, it packages up
> traffic between two endpoints into a udp wrapper and sends it to a machin
> where its collected using wireshark,
>
>
>
>
>
> To view the origianl packet I need to setup an offset of 58 bytes to view
> the original IP packet.
>
>
>
>
>
> How can I do this?
>
>
>
> Bill
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
