Ask Your Question
0

How to select ethernet protocol in DLT USER

asked 2019-09-28 21:10:53 +0000

Ki gravatar image

I have a capture in which every frame starts with a proprietary header followed by ethernet frame (beginning with dest MAC and source MAC). I'm trying to discard this proprietary header using DLT USER but when I try to set "ethernet" or "ethics's" as payload protocol, I get a "dissector not found" error. How can I do ?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-09-29 09:49:20 +0000

SYN-bit gravatar image

I did some digging in the source-code and the ethernet dissector registers itself with three protocol names:

  • eth_withoutfcs
  • eth_withfcs
  • eth_maybefcs

So if you already know if the enbedded ethernet frames have a FCS, you can use eth_withoutfcs or eth_withfcs. If you don't know (or if it can be a mix), then you can use eth_maybefcs as the protocol.

Instead of using a custom DLT to discard this proprietary header while showing the packets in Wireshark, you can also remove the proprietary header from the pcap file by using editcap -C <headerlength> <old.pcap> <new.pcap>

edit flag offensive delete link more

Comments

This needs an update of the User's Guide.

Jaap gravatar imageJaap ( 2019-09-29 09:50:38 +0000 )edit

Or we could register eth (as a duplicate of eth_maybefcs)? That would be much more intuitive than eth_maybefcs, even if it is mentioned in the UG, still a lot of non-RTFM in the world ;-)

SYN-bit gravatar imageSYN-bit ( 2019-09-29 09:52:25 +0000 )edit

Thanks a lot, this works perfectly.

Ki gravatar imageKi ( 2019-09-29 11:09:19 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-09-28 21:10:53 +0000

Seen: 287 times

Last updated: Sep 29 '19