Is there a way to skip a certain number of bytes in the packet while decoding protocols in a packet using Wireshark? In other words, if Wireshark doesn't support a particular protocol (at the moment), is it possible to 'skip' that protocol but be able to decode the next?
As an example consider a VxLAN encapsulated packet. As per the IETF draft, a VxLAN packet contains the following headers in the given order -
Outer Ethernet Header (including an optional VLAN tag)
The VxLAN header is a fixed 8-byte header - what I'd like is for Wireshark to skip the 8 bytes (since VxLAN was just announced and Wireshark doesn't support it yet) but continue to decode the Inner Ethernet Header and beyond.
Basically, give a parameter to "Decode As" to skip a certain number of bytes?
For some reason my post to the wireshark-users mailing list is being discarded although I'm a member of the list - therefore I am asking here.
asked 09 Sep '11, 08:18
You may be able to get around this by programming your unsupported protocol in Lua.
answered 09 Sep '11, 13:16
Following Jaap's pointer, I finally got some time to play around with Lua. The result of this tinkering is a VxLAN dissector in Lua - see http://www.lovemytool.com/blog/2011/11/analyzing-vxlan-packets-using-wireshark-by-srivats-p.html for the code and accompanying explanation of the code.
answered 06 Nov '11, 07:49
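The "skip N bytes, then decode the next layer" idea from the question, written as a generic Wireshark Lua dissector. This is an added example, not code from the posts above or from the linked blog. Assumptions: the protocol name `skiphdr`, the default UDP port 4789 (the IANA VXLAN port, which this page does not mention), and the `eth_withoutfcs` dissector name for the inner Ethernet frame.

```lua
-- Added example: skip a fixed-size, undecoded header carried over UDP and
-- hand the remaining bytes to Wireshark's Ethernet dissector.
local skip = Proto("skiphdr", "Skipped Header (example)")

-- Assumed defaults: 8 bytes (the VxLAN header size given in the question)
-- and UDP port 4789 (not from this page). Both can be changed under
-- Preferences > Protocols > SKIPHDR.
local current = { length = 8, port = 4789 }
skip.prefs.length = Pref.uint("Bytes to skip", current.length,
                              "Size of the header to skip")
skip.prefs.port   = Pref.uint("UDP port", current.port,
                              "UDP port carrying the encapsulation")

local f_raw = ProtoField.bytes("skiphdr.raw", "Skipped bytes")
skip.fields = { f_raw }

local eth       = Dissector.get("eth_withoutfcs") -- inner frame has no FCS
local udp_table = DissectorTable.get("udp.port")

function skip.dissector(tvb, pinfo, tree)
    local n = current.length
    -- Nothing to skip, or payload too short to hold header plus inner
    -- frame: decline so Wireshark shows the payload as plain data.
    if n < 1 or tvb:len() <= n then return 0 end

    pinfo.cols.protocol = "SKIPHDR"
    local sub = tree:add(skip, tvb(0, n))
    sub:add(f_raw, tvb(0, n))           -- keep the raw bytes visible

    -- Everything after the skipped header is dissected as Ethernet.
    eth:call(tvb(n):tvb(), pinfo, tree)
    return tvb:len()
end

-- Apply preference changes: new skip length, and rebind the UDP port.
function skip.prefs_changed()
    current.length = skip.prefs.length
    if current.port ~= skip.prefs.port then
        if current.port ~= 0 then udp_table:remove(current.port, skip) end
        current.port = skip.prefs.port
        if current.port ~= 0 then udp_table:add(current.port, skip) end
    end
end

udp_table:add(current.port, skip)
```

Load it with `wireshark -X lua_script:skiphdr.lua` or place it in the personal plugins directory; the skipped bytes stay visible in the tree so the undecoded header can still be inspected by hand.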