Frank Bulk wrote:
> Thanks! Did you use bittwiste with the '-D' option to remove the first 24
> bytes?
Actually: I did it the hard way using Wireshark export, an editor and
then text2pcap. :)
(It's only the first 12 bytes that need to be removed).
>
> The "from" in your modified capture is properly decoded as the Sony laptop
> I'm using (00:01:4a:9e:0e:06), but the destination (08:00:b6:53:00:08) seems
> to be some kind of variation off of the MAC address of the 7200VXR's
> FastEthernet interface (0030.b653.0008) that Sony laptop is connected to.
> Perhaps it's the MAC address of loopback interface I have defined for the
> Virtual-Template?
>
> In any case, is there an option in Wireshark to ignore the first 'x' bytes,
> or, is it possible for someone to write a dissector that handles the IP
> Traffic Export format, perhaps making it optional in the "Frame" section in
> the same way that "Treat all frames as DOCSIS frames"?
>
1. AFAIK there's no option to ignore the first x bytes.
2. It's certainly possible add some code to be able to process this type
of capture.
That being said, as you've suggested one would want to know more as to
whether this is a standard Cisco format for 'IP Traffic Export' and so on.
I'm not familiar with this Cisco functionality so I'll leave the
decision as to the best way to proceed to those who are.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
