I have a nice RTP stream encapsulated in DOCSIS headers that works great in Ethereal, but I would like to export the packet capture without the DOCSIS stuff so that I can manipulate it in another protocol analyzer.
Is there any way to rip a layer off?
Frank
Right click on the layer that you want to start decoding at (for example, IP -- the tree below the docsis headers), and click "decode as". Choose "IP" from the list and you'll see everything from an IP standpoint without the docsis headers. :)
BTW, this works for CALEA type cable intercept commands. You can take the mirrored packets and click on the UDP header and choose "Decode as IP" to see the native traffic.