Ethereal-users: Re: [Ethereal-users] Weird Cisco packet?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 5 Oct 2001 14:14:10 -0700 (PDT)
> However, that's all I know about it.  You'll probably have to try
> searching the Web in general, or the Cisco Connection Documentation:
> 
> 	http://www.cisco.com/univercd/home/home.htm
> 
> to see if you can find anything about it.  The SNAP PID is all zeroes.

A Web search for 004096 found a patch to the Linux kernel that added the
Aironet 4500 driver.

That driver looks as if it treats a SNAP packet with 00-40-96 as the
OUI, 0000 as the PID, and the first two bytes of the payload, when
treated as a big-endian 16-bit quantity, having the upper 4 bits being
0001, as an "802.1H data packet".

However, the frame in question

	1) doesn't have the first two bytes of the payload match the
	   above

and

	2) doesn't look as if the Linux code in question would handle it
	   correctly if it did

and 802.1H doesn't discuss frames that look like that, so that doesn't
seem to help.
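
Added example (not part of the original message, and not the Linux Aironet driver's code): the three-part test described above, written as a bounds-checked C classifier. It assumes the buffer starts at the 802.2 LLC header; the enum and function names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not taken from any driver. */
enum snap_class {
    SNAP_TRUNCATED = -1,  /* too short to evaluate the next field */
    SNAP_NOT_SNAP,        /* LLC header is not AA-AA-03 */
    SNAP_OTHER,           /* SNAP, but not OUI 00-40-96 with PID 0000 */
    SNAP_NO_MATCH,        /* OUI/PID match, upper 4 payload bits != 0001 */
    SNAP_MATCH            /* all conditions described in the message hold */
};

/* buf is assumed to start at the 802.2 LLC header (DSAP, SSAP, control). */
enum snap_class classify_snap(const uint8_t *buf, size_t len)
{
    static const uint8_t llc[3] = { 0xAA, 0xAA, 0x03 };
    static const uint8_t oui[3] = { 0x00, 0x40, 0x96 };

    if (buf == NULL || len < 3) return SNAP_TRUNCATED;
    if (memcmp(buf, llc, 3) != 0) return SNAP_NOT_SNAP;
    if (len < 8) return SNAP_TRUNCATED;          /* OUI (3) + PID (2) */
    uint16_t pid = (uint16_t)((buf[6] << 8) | buf[7]);
    if (memcmp(buf + 3, oui, 3) != 0 || pid != 0x0000) return SNAP_OTHER;
    if (len < 10) return SNAP_TRUNCATED;         /* first two payload bytes */
    uint16_t word = (uint16_t)((buf[8] << 8) | buf[9]);  /* big-endian */
    return (word >> 12) == 0x1 ? SNAP_MATCH : SNAP_NO_MATCH;
}

/* Constructed sample frames (LLC header onward), not captured traffic. */
static const uint8_t frame_match[]    = { 0xAA,0xAA,0x03, 0x00,0x40,0x96, 0x00,0x00, 0x10,0x2A };
static const uint8_t frame_no_match[] = { 0xAA,0xAA,0x03, 0x00,0x40,0x96, 0x00,0x00, 0x00,0x00 };
static const uint8_t frame_other[]    = { 0xAA,0xAA,0x03, 0x00,0x00,0x00, 0x08,0x00, 0x45,0x00 };
static const uint8_t frame_short[]    = { 0xAA,0xAA,0x03, 0x00,0x40,0x96, 0x00,0x00, 0x10 };

int main(void)
{
    printf("match=%d no_match=%d other=%d short=%d\n",
           classify_snap(frame_match, sizeof frame_match),
           classify_snap(frame_no_match, sizeof frame_no_match),
           classify_snap(frame_other, sizeof frame_other),
           classify_snap(frame_short, sizeof frame_short));
    return 0;
}
```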