Ethereal-dev: [ethereal-dev] how to handle etypes < maxlen

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Neulinger, Nathan R." <nneul@xxxxxxx>
Date: Fri, 3 Dec 1999 15:27:36 -0600
I found in my vlan traces that I have some packets that look to be using a
different frame type.

From the code in some of the other capture files I was able to come up with
this in packet-vlan, but I don't know what to fill in, or what the right way
to do this is.

  if ( encap_proto <= IEEE_802_3_MAX_LEN) {
#if 0
    if ( pd[offset+4] == 0xff && pd[offset+5] == 0xff ) {
      dissect_ipx(pd,offset+4,fd,tree);
      /* should capture_ipx */
    } else {
      dissect_llc(pd,offset+4,fd,tree);
      /* should capture_llc */
    }
#else
    dissect_data(pd,offset+4,fd,tree);
    /* I don't know what to do here, so am just doing as data for now */
#endif
  } else {
    ethertype(encap_proto, offset+4, pd, fd, tree, vlan_tree, hf_vlan_etype);
  }

Part of the problem is, I'm not sure what I'm looking at with those other
frames... 

Here is an example frame:

0000  01 00 0c cc cc cd 00 50  3e b4 e4 66 81 00 00 06   .......P >..f.... 
0010  00 32 aa aa 03 00 00 0c  01 0b 00 00 00 00 00 20   .2...... ........ 
0020  00 00 d0 63 8d e8 05 00  00 00 04 80 00 00 10 2f   ...c.... ......./ 
0030  17 4e 05 82 17 01 00 14  00 02 00 0f 00 00 00 00   .N...... ........ 
0040  00 02 00 06    

The "00 32" at 0010 is the encapsulated ethertype in the vlan packet.

Could someone more familiar with this low level decode fill out the details
of packet-vlan.c.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
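
Added example, not part of the original post and not Ethereal's packet-vlan.c: a standalone C classifier for the decision the post asks about, run against the first 32 bytes of the quoted frame. The function and enum names are hypothetical, and the separate 0xAA/0xAA SNAP case goes beyond the IPX/LLC split in the posted code; each read is checked against the captured length so a truncated frame cannot be read past its end.

```c
#include <stddef.h>
#include <stdint.h>

#define IEEE_802_3_MAX_LEN 1500
#define ETHERTYPE_VLAN     0x8100

/* Hypothetical result codes for this example. */
enum vlan_payload { PAYLOAD_INVALID, PAYLOAD_ETHERTYPE, PAYLOAD_RAW_IPX,
                    PAYLOAD_LLC_SNAP, PAYLOAD_LLC };

/* Constructed sample: the first 32 bytes of the frame quoted in the post. */
const uint8_t sample_frame[] = {
    0x01,0x00,0x0c,0xcc,0xcc,0xcd,0x00,0x50,0x3e,0xb4,0xe4,0x66,0x81,0x00,0x00,0x06,
    0x00,0x32,0xaa,0xaa,0x03,0x00,0x00,0x0c,0x01,0x0b,0x00,0x00,0x00,0x00,0x00,0x20,
};

/* Classify what follows an 802.1Q tag. On success *proto holds the
 * encapsulated type/length field and *vid the 12-bit VLAN ID. */
enum vlan_payload classify_vlan(const uint8_t *pd, size_t len,
                                uint16_t *proto, uint16_t *vid)
{
    size_t off = 12;                      /* skip destination + source MAC */

    if (len < off + 6)                    /* need TPID + TCI + type/length */
        return PAYLOAD_INVALID;
    if (((pd[off] << 8) | pd[off + 1]) != ETHERTYPE_VLAN)
        return PAYLOAD_INVALID;
    *vid   = (uint16_t)(((pd[off + 2] << 8) | pd[off + 3]) & 0x0fff);
    *proto = (uint16_t)((pd[off + 4] << 8) | pd[off + 5]);
    off += 6;

    if (*proto > IEEE_802_3_MAX_LEN)
        return PAYLOAD_ETHERTYPE;         /* Ethernet II: field is a type */

    /* The field is an 802.3 length, so the next two bytes decide the
     * framing. Check the captured length before reading them. */
    if (len < off + 2)
        return PAYLOAD_INVALID;
    if (pd[off] == 0xff && pd[off + 1] == 0xff)
        return PAYLOAD_RAW_IPX;           /* Novell "raw" 802.3 */
    if (pd[off] == 0xaa && pd[off + 1] == 0xaa)
        return PAYLOAD_LLC_SNAP;          /* DSAP/SSAP 0xAA: SNAP header */
    return PAYLOAD_LLC;                   /* any other 802.2 LLC */
}
```

For the quoted frame the type/length field is 0x0032 (a length), and the bytes that follow are aa aa 03, so it classifies as LLC with a SNAP header on VLAN 6.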