I think a block with data that starts at an arbitrary position of the
packet would be useful, but it would be impossible (or at least hard)
for the typical sniffer like Ethereal or tcpdump to dissect it. A
possible solution could be to define a new packet block, so that tools
unable to interpre
Hi Felipe.
I haven't yet thought if it would be better to add it as an option, or as a
field of the IDB.
The idea is quite interesting, my only concern is related to losing some
information that is needed to dissect a packet properly. Suppose you have an
ethernet packet, and you strip the first
