lo all,
I'm writing a C++ app that decodes packets off the wire and from pcap
files, using Wireshark to check my work as I go.
I have a packet with headers: IP->TCP->TPKT->Q931->H225
The TPKT header is tripping me up. It's 4 bytes, with a structure of:
1: Version
2: Reserved
3+4: Length
There's no information in the header itself that identifies it as a TPKT
header. However, Wireshark correctly identifies this header, even when
captured (as in this case) on a different port from the standard 102 for
TPKT traffic.
Does anyone know how Wireshark does this? In terms of packet
structure / bytes.
Thanks in advance
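
A plausibility check on the four header bytes described in the post, as an added example that is not part of the original message and is not Wireshark's code. It assumes the RFC 1006 values (version 3, reserved 0, big-endian length that includes the header); `parse_tpkt`, `tpkt_payload_available`, `min_payload` and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// TPKT header per RFC 1006: version, reserved, 16-bit big-endian length
// that counts the 4 header bytes as well as the payload.
struct TpktHeader {
    std::uint8_t version;
    std::uint8_t reserved;
    std::uint16_t length;  // whole TPKT, header included
};

const std::size_t kTpktHeaderLen = 4;

// True if the start of a TCP payload looks like a TPKT header; fills `out`.
// `min_payload` (hypothetical parameter) demands room for the next layer.
bool parse_tpkt(const std::uint8_t* data, std::size_t len, TpktHeader& out,
                std::size_t min_payload = 0) {
    if (data == nullptr || len < kTpktHeaderLen) return false;
    TpktHeader h = {data[0], data[1],
                    static_cast<std::uint16_t>((data[2] << 8) | data[3])};
    if (h.version != 3) return false;   // RFC 1006 fixes the version at 3
    if (h.reserved != 0) return false;  // reserved byte is zero
    if (static_cast<std::size_t>(h.length) < kTpktHeaderLen + min_payload) return false;
    out = h;
    return true;
}

// Payload bytes of this TPKT actually present in the buffer. The declared
// length can exceed one TCP segment, so clamp it and never read past `len`.
std::size_t tpkt_payload_available(const TpktHeader& h, std::size_t len) {
    if (len < kTpktHeaderLen || h.length < kTpktHeaderLen) return 0;
    std::size_t declared = h.length - kTpktHeaderLen;
    std::size_t captured = len - kTpktHeaderLen;
    return declared < captured ? declared : captured;
}

// Constructed sample bytes (not taken from a real capture).
const std::uint8_t kSampleTpkt[] = {0x03, 0x00, 0x00, 0x0B, 0x08, 0x02,
                                    0x00, 0x01, 0x05, 0x04, 0x03};
const std::uint8_t kSampleHttp[] = {'G', 'E', 'T', ' ', '/'};
const std::uint8_t kSampleSplit[] = {0x03, 0x00, 0x01, 0x00, 0x08, 0x02};

int main() {
    TpktHeader h;
    if (parse_tpkt(kSampleTpkt, sizeof kSampleTpkt, h))
        std::printf("TPKT, declared length %u\n", static_cast<unsigned>(h.length));
    return 0;
}
```

Three matching bytes are weak evidence on their own, so a decoder that accepts the header on any port should still validate the next layer before trusting the declared length.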