This is a static archive of our old Q&A Site. Please post any new questions and answers at

Skip decoding unimplemented protocol?



Is there a way to skip a certain number of bytes in the packet while decoding protocols in a packet using Wireshark? In other words, if Wireshark doesn't support a particular protocol (at the moment), is it possible to 'skip' that protocol but be able to decode the next?

As an example consider a VxLAN encapsulated packet. As per the IETF draft, a VxLAN packet contains the following headers in the given order -

Outer Ethernet Header (including an optional VLAN tag)
Outer IP Header
Outer UDP Header
VxLAN Header
Inner Ethernet Header (including an optional VLAN tag)
Original Ethernet Payload (excluding the original Ethernet FCS)
FCS for Outer Ethernet Frame

The VxLAN header is a fixed 8 byte header - what I'd like is for wireshark to skip the 8 bytes (since VxLAN was just announced and Wireshark doesn't support it yet) but continue to decode the Inner Ethernet Header and beyond.

Basically, give a parameter to "Decode As" to skip a certain number of bytes?

For some reason my post to the wireshark-users mailing list is being discarded although I'm a member of the list - therefore am asking here

asked 09 Sep '11, 08:18

pstavirs's gravatar image

accept rate: 0%

2 Answers:


You may be able to get around this programming your unsupported protocol in Lua.

answered 09 Sep '11, 13:16

Jaap's gravatar image

Jaap ♦
accept rate: 14%


Following Jaap's pointer, I finally got some time to play around with Lua. The results of this tinkering is a VxLAN dissector in Lua - see for the code and accompanying explanation of the code.

Thanks Jaap!

answered 06 Nov '11, 07:49

pstavirs's gravatar image

accept rate: 0%

It's not so difficult to do in C either, a VxLAN dissector Committed revision 39760.

(08 Nov '11, 09:41) Anders ♦