Enough of the background info, here is my issue:
The traffic is initially captured and classified as "Ethernet II" (apparently the default selection when Wireshark can't determine what kind of Ethernet traffic it is). Although it looks like I can get my dissector to start on the packet after the byte that identifies the Ethernet type (byte 14), I don't know how to "backtrack" and overrule what the core Wireshark application has already dissected. As you can see from this snippet, my protocol (566F) is still considered "Type: Unknown" even though it just used that information to pass the packet to my plugin. Also, there is information in the source and destination MAC addresses that I would like to dissect.
Any ideas or help would be appreciated.
Bill
VoCAL Technologies, Ltd
Amherst, NY
Frame 986 (98 bytes on wire, 98 bytes captured)
Arrival Time: Sep 15, 2006 14:54:07.511824000
[Time delta from previous packet: 0.000952000 seconds]
[Time since reference or first frame: 2.450560000 seconds]
Frame Number: 986
Packet Length: 98 bytes
Capture Length: 98 bytes
[Frame is marked: False]
[Protocols in frame: eth:vppn]
Ethernet II, Src: IeeeRegi_33:7f:00 (00:50:c2:33:7f:00), Dst: IeeeRegi_33:7f:fc (00:50:c2:33:7f:fc)
Destination: IeeeRegi_33:7f:fc (00:50:c2:33:7f:fc)
Source: IeeeRegi_33:7f:00 (00:50:c2:33:7f:00)
Type: Unknown (0x566f)
VoCAL Private Phone Network
(.... I can dissect past this point OK it seems.....)
_______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev