We are currently working with Wireshark version 1.0.13 to parse "PPP protocol" over previously recorded pcap file. When we open our pcap file, "PPP headers" are recognized successfully, also "PPP VJ uncompressed TCP" data can be parsed successfully. On the other hand, "VJ compressed TCP" packets are recognized but not parsed and defines them as "unknown direction". Does it mean that my Wireshark can not parse those packets with "VJ Compressed TCP"? I will send a screenshot from our findings so that you can easily observe what's going on if you ask for it. Eager to wit for your answers, With all best, asked 07 Mar '11, 00:26 Chinar edited 07 Mar '11, 02:34 |
One Answer:
Unfortunately, the compression is done separately for each direction of the PPP traffic, so Wireshark needs to be able to know which direction a packet is going in; not all capture file formats provide that information (and you can't use the source and destination IP addresses to determine that, as those addresses are compressed out of the packets). Pcap format, unfortunately, is one format that doesn't provide it. answered 07 Mar '11, 18:33 Guy Harris ♦♦ |
Try dropping the capture file in CloudShark and see what comes out.