Ethereal decodes of DOCSIS | docsis.org

You are here

Ethereal decodes of DOCSIS

2 posts / 0 new
Last post
frnkblk
Ethereal decodes of DOCSIS

I have a nice RTP stream encapsulated in DOCSIS headers that works great in Ethereal, but I would like to export the packet capture without the DOCSIS stuff so that I can manipulate it in another protocol analyzer.

Is there any way to rip a layer off?

Frank

DocsisAdmin
Ethereal decodes of DOCSIS

Right click on the layer that you want to start decoding at (for example, IP -- the tree below the docsis headers), and click "decode as". Choose "IP" from the list and you'll see everything from an IP standpoint without the docsis headers. :)

BTW, this works for CALEA type cable intercept commands. You can take the mirrored packets and click on the UDP header and choose "Decode as IP" to see the native traffic.