Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: Re: [Wireshark-dev] ethernet type

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Wed, 4 Jul 2007 17:41:44 +0200

On Wed, Jul 04, 2007 at 11:57:11AM +0530, Amit Paliwal wrote:
> I registered my proprietary protocol over ethernet and set its typw to say 
> 0x0102.
> to test my application i construct and send a raw ethernet packet from my 
> machine(Windows XP)........
> 
> but wireshark captures ethernet type as 0x0201 which is the network order 
> so i need to manipulate
> my ethernet type to 0x0201, than wireshark receives it as 
> 0x0102............

Well, the Ethernet standard specifies that this field has to be
transmitted most significant byte first (big endian). Also I really
hope that 0x0201 and 0x0102 are only examples and not the real value.
values less than 0x0600 are reserved as length values and will cause
more trouble than it is worth when interacting with ip stacks.

 Ciao
     Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

References:
- [Wireshark-dev] ethernet type
  - From: Amit Paliwal

Prev by Date: Re: [Wireshark-dev] Wireshark 99.5 for HP-UX
Next by Date: [Wireshark-dev] New Internet Message Format (RFC2822) Dissector
Previous by thread: Re: [Wireshark-dev] ethernet type
Next by thread: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
Index(es):
- Date
- Thread