Got a capture with a wrong sll header and wireshark fails to find the IP header. Any ideas on how to bypass this problem and be able to read the trace anyway?
Thanks and regards Matthias
asked 08 Nov '15, 01:50
edited 08 Nov '15, 04:18
You could use editcap to remove 4 bytes, starting at an offset of 6, from each packet:
or 4 bytes from some other offset if that's what's required to give it the right MAC address - as long as the 0x00 0x00 before the 0x08 0x00 aren't part of the MAC address (if they are, you'd have to have a program remove 6 bytes and add 2 padding bytes before the 0x08 0x00).
answered 08 Nov '15, 04:05
Guy Harris ♦♦