We are currently working on a dissector which needs to address two different
types of packets. One will be a simple ethernet packet with custom data. The
other will be TCP/IP packets. Currently, our dissector (which was originally
authored by another engineer) filters on the MAC address to determine
whether or not it is one of our packets (this is probably not the best
solution, but it was the quickest that the prior developer could come up
with - other suggestions welcome). I am trying to find a way to tell whether
the packet would have been treated as an ethernet 802.3 packet or an
ethernet II packet (or some other TCP/IP identifier) in order to separate
dissection of these two cases.
In reading through packet-eth.c, it seems that the ethernet type is being
determined by checking a length field, but I don't understand where that
field is coming from ("etype = pntohs(&pd[offset+12])"). Any suggestions?
Also, if there is a better way to dissect such that TCP/IP packets are
treated differently (e.g. a new dissector) than the ethernet packets, please
let me know.
Thanks,
Pat Kujawa
Software Developer
Advanced Electronic Designs
233 Enterprise Blvd, Bozeman, MT 59718
406-585-8892 ext. 18
www.advanced.pro
_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
