Wireshark
the world's foremost network protocol analyzer
Wireshark-bugs: [Wireshark-bugs] [Bug 1702] PPPoE packets in Ethernet captures on Linux have bogus payload lengths
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 2 Sep 2007 22:59:18 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1702 guy@xxxxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|the HTTP HTTP payload is not|PPPoE packets in Ethernet |decoded |captures on Linux have bogus | |payload lengths ------- Comment #1 from guy@xxxxxxxxxxxx 2007-09-02 22:59 GMT ------- The problem is with the PPPoE header; it has nothing to do with HTTP. Either the PPPoE header on the wire is bad, or the Linux networking stack is somehow mangling it. I would bet on the latter, as various bits of networking code in Linux have been known to modify packet data in place without a copy-on-write being done when there's a capture being done on the network adapter, so a modified-in-place packet gets handed to libpcap and thus tcpdump/Wireshark/etc.. We do check for putatively-wrong (or, at least, bogus, as in "there's no need for padding here") PPPoE payload lengths; I've added code to add an "expert" warning for those packets (and to fix the check). Perhaps if we think it's wrong we should just ignore it. -- Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
- Prev by Date: [Wireshark-bugs] [Bug 1814] Capture filters not work when capturing from named pipes.
- Next by Date: [Wireshark-bugs] [Bug 1703] "Filter" dialog in "File"->"Open" not expected
- Previous by thread: [Wireshark-bugs] [Bug 1751] Direction info missing for Bluetooth H4 captures in pcap-format
- Next by thread: [Wireshark-bugs] [Bug 1702] PPPoE packets in Ethernet captures on Linux have bogus payload lengths
- Index(es):