Hello - I received a trace from an outside source. When I opened it up I used the Decode As feature. As a result, all the traffic was interpreted as DOCSIS, which was fine since it was coming off a cable modem infrastructure. However, my problem now is that no matter what I capture, it is now always interpreted as DOCSIS, which is nonsense. The question is: how can I make my Wireshark installation revert back to normal?

asked 06 Feb '12, 09:24

gregwolf0797

How was that trace captured? If it was captured from a Cisco device that puts DOCSIS frames onto an Ethernet as raw DOCSIS frames inside Ethernet framing, by a program that uses a sufficiently recent version of libpcap/WinPcap, they could have specified a link-layer header type of DOCSIS, so that Wireshark would automatically recognize it as DOCSIS traffic.

(06 Feb '12, 11:09) Guy Harris ♦♦

Method 1

Using the same Decode As dialog that you originally used, click the Clear button.

Method 2

Using menu Analyze > User Specified Decodes... > Clear. This wipes out all Decode As settings.

(works as of Wireshark 1.7.0)

answered 06 Feb '12, 09:33

bstn

Check the following settings: Preferences - Frame protocol - uncheck "treat all frames as docsis".

answered 14 Nov '12, 04:49

wslez

edited 14 Nov '12, 04:50

Asked: 06 Feb '12, 09:24

Seen: 1,131 times

Last updated: 14 Nov '12, 04:50
