https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5240
--- Comment #5 from Jason Masker <jason@xxxxxxxxxx> 2010-09-21 12:19:47 PDT ---
(In reply to comment #3)
> How does this interact with -C <choplen>?
> Where's the manual page change?
I added documentation to the patch. I did not change the behavior of -C in
adding -P and the options could be used together. Using -C and -P we could
decapsulate a protocol with a trailer, such as Ethernet, but I cannot think of
one that would be practical at the moment. (Decapsulating Ethernet would not be
useful because Wireshark will not understand the encapsulated protocol without
the Ethernet header.) -P takes an offset from the beginning of the packet and
-C from the end. -P is processed first, but -C will still chop from the end of
the actual packet if the beginning has already been chopped by -P. Both -P & -C
have a sanity check to ensure the entire packet is not chopped. Because -P is
processed first, if insane parameters are passed, this could mean that -P will
succeed and -C will not chop because it would eliminate what remains of the
packet. This seems reasonable, but if there are other checks that would be
appropriate, or a clearer way to document this behavior, I could make the
necessary modifications.

ERSPAN is a very useful capture technology, allowing a capture to be sent to
any IP destination. For example, I often set up captures ad hoc and pass them
to my laptop, running Wireshark with an 'ip proto 0x2f' capture filter to get a
clean capture wherever I might be connected to the network. However, it is
often useful to convert the resulting file to a format that is more in line
with what would come off the wire and is understood by more tools.
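The processing order described in the comment above, modeled as an added example; it is not code from the patch or from the Wireshark source. The names `chop_packet`, `chop_result` and `build_sample` are hypothetical, the packet sizes are constructed, and the exact boundary of each sanity check (a chop is skipped when it would remove everything that remains) is an assumption drawn from the comment's wording.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct chop_result {
    size_t length;   /* bytes left in the buffer after chopping */
    int p_applied;   /* 1 if the -P chop passed its sanity check */
    int c_applied;   /* 1 if the -C chop passed its sanity check */
};

/* -P (offset from the start) runs first, then -C (length from the end)
 * runs against whatever remains. Each chop is skipped when it would
 * remove the whole remaining packet. */
struct chop_result chop_packet(unsigned char *buf, size_t caplen,
                               size_t p_off, size_t c_len)
{
    struct chop_result r = { caplen, 0, 0 };

    if (p_off > 0 && p_off < r.length) {
        r.length -= p_off;
        memmove(buf, buf + p_off, r.length);   /* drop leading bytes */
        r.p_applied = 1;
    }
    if (c_len > 0 && c_len < r.length) {
        r.length -= c_len;                     /* drop trailing bytes */
        r.c_applied = 1;
    }
    return r;
}

/* Constructed sample: 50-byte outer header (0xEE), 64-byte inner
 * frame (0x11), 4-byte trailer (0xFF). Not a real capture. */
size_t build_sample(unsigned char *buf)
{
    memset(buf, 0xEE, 50);
    memset(buf + 50, 0x11, 64);
    memset(buf + 114, 0xFF, 4);
    return 118;
}

int main(void)
{
    unsigned char pkt[118];
    struct chop_result r = chop_packet(pkt, build_sample(pkt), 50, 4);
    printf("sane:   P=%d C=%d kept=%zu\n", r.p_applied, r.c_applied, r.length);
    r = chop_packet(pkt, build_sample(pkt), 100, 18);   /* -C is skipped */
    printf("insane: P=%d C=%d kept=%zu\n", r.p_applied, r.c_applied, r.length);
    return 0;
}
```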