Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Sun, 02 Mar 2008 09:28:33 -0500
Sake Blok wrote:
I think it *is* a cisco bug...I tried to open the bug-tracker, but it seems to be offline at the moment. I think you should open a case with the Cisco-TAC for this issue. Feel free to use my analysis in the report.(if my assumptions on addresses were correct of course)
Frank Bulk wrote (in a previous EMail) > I used bittwiste to remove the first 12 bytes of the attached packet > capture that included a variety of traffic, and you'll see that some > packets are fine, but others, such as 4, 7, 8, etc are not. > Can anyone make sense of it?On additional note: Looking at the packets in the longer capture it appears to me that some are messed up in different ways from the first. In addition there are a few packets which seem to have had all the PPOE stuff stripped so that they look like good packets in the original capture.
- Follow-Ups:
- References:
- [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- From: Frank Bulk
- Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- From: Stephen Fisher
- Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- From: Frank Bulk
- Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- From: Sake Blok
- [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- Prev by Date: Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- Next by Date: Re: [Wireshark-users] Decoding packets from a Cisco's "iptraffic-export" flow
- Previous by thread: Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow
- Next by thread: Re: [Wireshark-users] Decoding packets from a Cisco's "iptraffic-export" flow
- Index(es):