Wireshark-bugs: [Wireshark-bugs] [Bug 9427] Dissector for T1-channels-over-raw-Ethernet protocol
Date: Thu, 21 Nov 2013 19:37:16 +0000

Comment # 25 on bug 9427 from
(In reply to comment #24)
> It is my understanding (Brett, please correct me if I am wrong) that all
> that is needed here is a simple script to apply your standard Frame-Relay
> decode to the portion of each packet (the 960 bytes; 0010-03CF).

If by "your standard Frame-Relay decode" you mean the Wireshark dissector for
Frame Relay, that statement is true only if:

    each of those 960 bytes contains exactly one Frame Relay frame - not more
than one frame, and not part of a larger frame that requires more than 960
bytes;

    those bytes do *not* include any HDLC bit-stuffing or byte-stuffing.

If the first of those is untrue, you would need to add code to separate
individual frames, and reassemble frames split between multiple packets, and
hand the *results* of that process to the Frame Relay dissector.

If the second of those is untrue, you would have to undo the bit-stuffing or
byte-stuffing.

I suspect that neither of them are true; if the 960 bytes contain raw bits
taken from a T1, that would strongly indicate to me that neither of them are
true.

> From my nominal experience with Wireshark I understand that scripts can
> readily be created to perform this function; start FR decode at 0010,
> terminate decode after 03CF and then continue this process on all subsequent
> frames received/captured?

If by "scripts" you mean "Lua programs", that would, I think, be possible.

However, as per the above, that might not be sufficient.


You are receiving this mail because:
  • You are watching all bug changes.