Wireshark-bugs: [Wireshark-bugs] [Bug 9427] Dissector for T1-channels-over-raw-Ethernet protocol
Comment # 25
on bug 9427
from Guy Harris
(In reply to comment #24)
> It is my understanding (Brett, please correct me if I am wrong) that all
> that is needed here is a simple script to apply your standard Frame-Relay
> decode to the portion of each packet (the 960 bytes; 0010-03CF).
If by "your standard Frame-Relay decode" you mean the Wireshark dissector for
Frame Relay, that statement is true only if:
each of those 960 bytes contains exactly one Frame Relay frame - not more
than one frame, and not part of a larger frame that requires more than 960
bytes;
those bytes do *not* include any HDLC bit-stuffing or byte-stuffing.
If the first of those is untrue, you would need to add code to separate
individual frames, and reassemble frames split between multiple packets, and
hand the *results* of that process to the Frame Relay dissector.
If the second of those is untrue, you would have to undo the bit-stuffing or
byte-stuffing.
I suspect that neither of them are true; if the 960 bytes contain raw bits
taken from a T1, that would strongly indicate to me that neither of them are
true.
> From my nominal experience with Wireshark I understand that scripts can
> readily be created to perform this function; start FR decode at 0010,
> terminate decode after 03CF and then continue this process on all subsequent
> frames received/captured?
If by "scripts" you mean "Lua programs", that would, I think, be possible.
However, as per the above, that might not be sufficient.
You are receiving this mail because:
- You are watching all bug changes.