 | 1 | initial version |
I did some digging in the source-code and the ethernet dissector registers itself with three protocol names:
So if you already know if the enbedded ethernet frames have a FCS, you can use eth_withoutfcs or eth_withfcs. If you don't know (or if it can be a mix), then you can use eth_maybefcs as the protocol.
Instead of using a custom DLT to discard this proprietary header while showing the packets in Wireshark, you can also remove the proprietary header from the pcap file by using editcap -C <headerlength> <old.pcap> <new.pcap>
