Decode a user specific packet
Hi,
I am looking for an option where UDP data can be decoded based on may be user input. We have a sflow sampled packet where it does not follow INMON sflow packet format. Hardware slap a shim header 8 bytes and followed by original sampled packet. Can you please let us know if there is a way to decode such packet?
Even in IPFIX system exchange its template with collector. so how can we decode user specific packets with Wireshark?
Decode-As fields shows multiple option but there is no way I can specify how user specific data can be decode. Thanks Rahul Jain
Have you looked at writing a Lua dissector to decode your data? There are a few wiki pages on the Wireshark site that should help you and Chapter 10 of the Wireshark Developer Guide should also be helpful as well.
(Of course you can also write a "built-in" C dissector, but that requires an entire development environment and many more prerequisites. If that's of interest to you though, then the Wireshark Developer Guide should have all the information you need to get started.)
Have you tried removing the shim header with editcap (editcap -C) and then trying to decode the packets?