Wireshark mailing list archives
DOCSIS
From: Martin Dubuc <martind1111 () gmail com>
Date: Tue, 24 Aug 2010 14:26:00 -0400
I am trying to decode the packet output from a Cisco CMTS with Wireshark, but I haven't succeeded in doing so up to now. The packet output was the result of capturing packets out of the analyzer port after configuring the CMTS using the cable monitor and intercept commands (my assumption is that the packet output is in a DOCSIS 1.0 format).

I have read in one of the Wireshark documentation pages that there is a DOCSIS decode option in the Edit/Preferences... dialog under the Frame protocol, but this does not match my packet output. When I enable this option, Wireshark interprets the first 6 bytes of each frame as DOCSIS header, then the rest as Ethernet frames.

The packet output that I get from my Cisco CMTS is formatted as follows:

  14-byte Ethernet header
  20-byte IP header
  8-byte UDP header
  14-byte Ethernet header
  20-byte IP header
  ...

I believe that the first 42 bytes are what the Cisco CMTS prepends to the actual user traffic. I would like Wireshark to strip these 42 bytes on the display so that I can zoom in on the actual user traffic.

First of all, I would like to know if this format is actually DOCSIS or not. I would then like to know how I can tell the system to ignore the 42 bytes when displaying the packets.

Martin
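The layout described in the message above, as an added example that is not part of the original post or of Wireshark: a Python sketch that rewrites a capture with the outer Ethernet/IP/UDP wrapper removed, so the inner Ethernet frame becomes the top-level frame. It assumes a classic pcap file with an Ethernet link type; the function names and the sample capture are constructed here, and the code goes slightly beyond the post by reading the IPv4 header length instead of assuming 20 bytes.

```python
import struct

OUTER_LEN = 14 + 20 + 8  # Ethernet + IPv4 (no options) + UDP, as listed in the post

def outer_header_len(frame):
    """Length of the outer Ethernet/IPv4/UDP wrapper, or None if it is not there."""
    if len(frame) < OUTER_LEN or frame[12:14] != b"\x08\x00":
        return None                       # too short, or outer EtherType is not IPv4
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length; 20 unless options present
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None                       # not IPv4, or the outer packet is not UDP
    off = 14 + ihl + 8
    return off if len(frame) > off else None

def strip_outer(pcap):
    """Return a copy of a classic pcap (bytes) with the wrapper cut from each record."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                         # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                         # big-endian capture file
    else:
        raise ValueError("not a classic microsecond pcap file")
    out = bytearray(pcap[:24])            # global header is copied unchanged
    pos = 24
    while pos + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from(end + "IIII", pcap, pos)
        frame = pcap[pos + 16 : pos + 16 + incl]
        pos += 16 + incl
        off = outer_header_len(frame) or 0   # frames without the wrapper stay as they are
        inner = frame[off:]
        out += struct.pack(end + "IIII", sec, usec, len(inner),
                           max(orig - off, len(inner)))
        out += inner
    return bytes(out)

def sample_capture():
    """Constructed input: one inner Ethernet frame behind a 42-byte wrapper."""
    inner = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19) + b"payload"
    outer = bytes(12) + b"\x08\x00" + b"\x45" + bytes(8) + b"\x11" + bytes(10) + bytes(8)
    frame = outer + inner
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 1, 0, len(frame), len(frame)) + frame, inner
```

The rewritten file can be opened in Wireshark like any other Ethernet capture; records that do not start with an Ethernet/IPv4/UDP wrapper are copied through unmodified.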