What version of Wireshark are you using?
Use the latest version of Wireshark, which appears to support dissecting packets with a PPP protocol value of 0x0281 as MPLS-over-PPP?
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe

I'm using 1.8.1. I'll try the latest Wireshark. Thanks!

_____________________________________________________________________________________________

From: Guy Harris <***@xxxxxxxxxxxx>
Date: Tue, 22 Jul 2014 00:20:49 -0700
On Jul 21, 2014, at 11:15 PM, Rayne <***@xxxxxxxxx> wrote: > I have some traffic samples where the Layer 2 is PPP and the next protocol field value is 0x0281, which indicates MPLS Unicast. There are 4 bytes following this PPP header before I see the IP header. However, Wireshark has decoded everything after the PPP header as Data. What version of Wireshark are you using? > I can't choose the "Decode As" option in this case, as it is greyed out. How can I force Wireshark to decode the 4 bytes after the PPP header as something else, say MPLS in this case? Use the latest version of Wireshark, which appears to support dissecting packets with a PPP protocol value of 0x0281 as MPLS-over-PPP?