Wireshark-dev: Re: [Wireshark-dev] decoding depth & capture format

From: "Marc Lebas" <mlebas@xxxxxxxxxx>
Date: Mon, 2 Mar 2009 09:41:18 -0000
Oups.. Better with enclosure 

-----Message d'origine-----
De : wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] De la part de Lebas, Marc (CTF:8J00)
Envoyé : lundi 2 mars 2009 10:27
À : Developer support list for Wireshark
Objet : Re: [Wireshark-dev] decoding depth & capture format

Hello Jeff,

Enclosed is a small capture file (99 records, 27Kb). 
i can provide you with a bigger file if this excerpt does not contain IP frames.

Marc

-----Message d'origine-----
De : wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] De la part de Jeff Morriss Envoyé : vendredi 27 février 2009 15:53 À : Developer support list for Wireshark Objet : Re: [Wireshark-dev] decoding depth & capture format



Marc Lebas wrote:
> Hello,
> Maybe its a User question but that could be a dev issue; anyway there 
> was no answer to my question on the User's mailing list.
> 
> The issue : i got different depth in decoding (GPRS over FR), 
> depending on the capture file format :
> With rf5, the analysis is limited to GPRS protocol layers, but never 
> decode IP which is the encapsulated protocol.
> With libpcap, it is OK; Wireshark go deeper as it is able to decode 
> encapsulated IP frames in GPRS frames.
> Why such a behaviour ? Did i missed something in my config ?
> Here is my config on Linux (but the issue is the same on Windows) :
> - preferences : fr.encap: GPRS Network Service
> - cat k12_protos : "gprs_gb","fr"

Not having ever looked at a GPRS capture in Wireshark, I don't know. 
(Small) sample captures would help.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: small.rf5
Description: small.rf5