Hi guys, I am a novice on the wireshark developing. As for some reason, I need to get the trailer of Ethernet trailer and displayed with a more readable format, who can tell me where is the code of Ethernet trailer in Wireshark code. Thanks in advance! Best Regards! Sam asked 26 Aug '11, 23:10  Sam edited 30 Aug '11, 12:24  helloworld showing 5 of 6 show 1 more comments |
2 Answers:
Note that Wireshark thinks the Ethernet trailer is the padding added to bring the packet length up to the minimum. If the packet did not need to have a trailer added, or if we cannot determine whether it needed to have a trailer added (e.g., with a protocol that doesn't run atop 802.2 and that doesn't include its own length field), we do not guarantee that all the "extra" data at the end of the packet will be recognized as or treated as a trailer. If your capturing is done in a special fashion, i.e. it's not just done by doing regular libpcap/WinPcap capture on a regular Ethernet adapter, but it's written out as a pcap or pcap-ng file, you might want to request your own pcap link-layer type and have your own dissector for that (perhaps sharing code with the Ethernet dissector). If not, you might want to consider having a preference for the Ethernet dissector to tell it to treat the last 8 bytes of the raw frame data specially. answered 29 Aug '11, 11:33  Guy Harris ♦♦ Harris, thanks for your advice, I will try to tell the Ethernet dissector to treat the last 8 bytes of the raw frame data specially, will tell you once I finish it. Maybe one week later, haha. thanks again. Sam (29 Aug '11, 18:29) Sam (converted your "answer" to a "comment", please see the FAQ) (30 Aug '11, 00:43) SYN-bit ♦♦ |
How about epan/dissectors/packet-eth.c ? answered 27 Aug '11, 03:03  Jaap ♦ Thanks a lot, will check it and get back to you later. Sam (27 Aug '11, 04:01) Sam |
"More readable" in what sense? The trailer is just padding added to the packet to make sure it's at least the minimum packet size; there's no meaningful data in the trailer, so there's nothing more readable than a blob of hex digits.
Harris,
There is a special requirement, we have every packets tagged with eight bytes in the trailer by a device. The eight bytes need to be picked up from the packets and do some analysis.
I will check the packets-eth.c file and find out how to fick up the eight bytes, will let you konw if any further info. Do you have any ideas on this? thanks.
Sam
There's an Ethernet trailer heuristic sub dissector list "eth.trailer" where you can register to.
thanks, Jaap. I will try it.
Sam
i am trying get trailer data from remote computer with PHP codes. I dont know if there is get_ethernet_trailer() function or not. Do you know like this function in PHP?
Maybe somebody's implemented it in phpcap or atop phpcap. I've never worked with PHP, so I have no idea whether anybody's done so.