Wireshark · Ethereal-dev: Re: [ethereal-dev] Null headers and decoding data from an arbitrary position in packet

[Guy Harris <gharris@xxxxxxxxxxxx>]

> I am interested in adding another feature to Ethereal. I have seen a
> capture file that seems to be from a Cisco to Cisco sync link, where each
> frame had 0xFF000800 on the front.  
> 
> It was clear that the packets were IP; they started with 0x45.

I.e., they had

	0xFF 0x00 0x08 0x00 0x45 ... ?

If so, it may also be clear that they're IP from the 0x08 0x00 - that
looks suspiciously like the Ethernet packet type for IP.

Now I'm curious what the 0xFF 0x00 is - what type of capture file was it
(i.e., was it "tcpdump"/"libpcap", or Sniffer, or...), and what type of
sync link was it?

I.e., this may not be a null header, it may be some other encapsulation
for which we may want to add support.

(An AltaVista search for

	"FF 00 08 00 45"

found nothing - but it *did* offer me the opportunity to

	Find Products and Comparison shop for "FF 00 08 00 45"

and if I clicked on that link, it said

	Shopping search found 0 matches. Try refining your search below. 

	   What product do you want to buy? 
                                          

		[text box] 	Type in a specific product, keyword,
				or product/part number

	   What features do you want? 
                                   

		[text box]	Type in the specific product features
				(Ex: Dolby, DTS compatible, etc.) 

	   What brands do you like? 
                                

		[text box]	Type in the manufacturer or brand
				name (Ex. SONY, Panasonic, etc.) 

Computers' literal-mindedness can be *so* amusing at times....)