Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8229] Need a way to treat alleged Ethernet frames as raw IP frames to work aro

Wireshark-bugs: [Wireshark-bugs] [Bug 8229] Need a way to treat alleged Ethernet frames as raw I

Date: Mon, 28 Jan 2013 22:13:26 +0000

Comment # 6 on bug 8229 from Guy Harris

(In reply to comment #5)
> Created attachment 9886 [details]
> Sample capture file with missing Ethernet header.
> 
> This capture file contains a single ICMP "destination unreachable" packet,
> except there's no Ethernet header so Wireshark is unable to dissect it.

Running "editcap -T rawip -F libpcap {that capture file} {path for new capture
file}" also produces a capture file that works with Wireshark (and presumably
other libpcap-capable programs that understand DLT_RAW, e.g. tcpdump) can read.

("editcap -T rawip" does *NOT* work with the 1.8.x editcap; the resulting
pcap-ng file doesn't have the right link-layer header type for the interface. 
There are a number of problems with the current way we handle per-file
link-layer header types and per-interface information; some rearchitecting of
both libwiretap and the programs that use it, including API changes, are needed
for this and other problems.  But I digress....)

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8229] New: "Decode as..." for entire frames required
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 5023] feature request: support for "fasp" protocoll (Aspera)
Next by Date: [Wireshark-bugs] [Bug 8269] can't search hex string in the current packet and highlight it with Ctrl+F
Previous by thread: [Wireshark-bugs] [Bug 8229] Need a way to treat alleged Ethernet frames as raw IP frames to work around a WinPcap bug
Next by thread: [Wireshark-bugs] [Bug 8229] Need a way to treat alleged Ethernet frames as raw IP frames to work around a WinPcap bug
Index(es):
- Date
- Thread