Ethereal-dev: [ethereal-dev] sniffer is screwy - it messes with the content of packets as it d

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Neulinger, Nathan R." <nneul@xxxxxxx>
Date: Wed, 8 Dec 1999 16:33:33 -0600
I have two traces - one on ethereal, one on the sniffer, of the same data.
All of the opcodes (2 bytes) for the AARP requests on the sniffer are
byte-swapped in the byte view itself.

i.e. Ethereal has 01 00, which doesn't match up to anything in the opcode
table for aarp dissection
     Sniffer has 00 01, which is a lookup request

Either the sniffer is editing the packet data inline, or it's another one of
those 'editing the packet in place' things like the NFS packet stuff w/ the
linux kernel. 

I'm a little hesitant to change the ethereal code to use pletohs() on the
number, just in case this aarp code actually worked somewhere else -
although it does appear to be incorrectly directly accessing the packet data
as shorts (possibly will cause alignment issues, as has been discussed
before.)

Any thoughts?

I can send a sample trace if you'd like. 

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
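
Added example, not part of the original message and not Ethereal's code: reading the 2-byte AARP opcode one byte at a time, which avoids both the host-byte-order dependence and the alignment problem of accessing packet data as shorts. The helper names, the opcode offset (an ARP-style header layout), the response and probe values, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers: assemble a 16-bit field from individual bytes, so the
 * result is the same on any host and the pointer needs no alignment. */
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)((p[1] << 8) | p[0]); }

/* Assumed layout: hw type (2), proto type (2), two length bytes, then opcode. */
#define AARP_OPCODE_OFFSET 6

static const char *aarp_opcode_name(int op)
{
    switch (op) {
    case 1:  return "request";
    case 2:  return "response";
    case 3:  return "probe";
    default: return "unknown";
    }
}

/* Returns the opcode, or -1 if the buffer is too short to contain it. */
static int aarp_opcode(const uint8_t *pkt, size_t len, int little_endian)
{
    if (pkt == NULL || len < AARP_OPCODE_OFFSET + 2)
        return -1;
    return little_endian ? get_le16(pkt + AARP_OPCODE_OFFSET)
                         : get_be16(pkt + AARP_OPCODE_OFFSET);
}

/* Constructed sample headers: identical except for the two opcode bytes,
 * matching the two byte views described in the message. */
static const uint8_t sniffer_view[8]  = {0x00, 0x01, 0x80, 0x9b, 0x06, 0x04, 0x00, 0x01};
static const uint8_t ethereal_view[8] = {0x00, 0x01, 0x80, 0x9b, 0x06, 0x04, 0x01, 0x00};

int main(void)
{
    int a = aarp_opcode(sniffer_view, sizeof sniffer_view, 0);
    int b = aarp_opcode(ethereal_view, sizeof ethereal_view, 0);
    int c = aarp_opcode(ethereal_view, sizeof ethereal_view, 1);

    printf("00 01 read big-endian:    0x%04x (%s)\n", (unsigned)a, aarp_opcode_name(a));
    printf("01 00 read big-endian:    0x%04x (%s)\n", (unsigned)b, aarp_opcode_name(b));
    printf("01 00 read little-endian: 0x%04x (%s)\n", (unsigned)c, aarp_opcode_name(c));
    return 0;
}
```

A little-endian read makes the 01 00 bytes decode as a request, but it would mis-decode any capture that stores the field as 00 01, so the byte order of the file format has to be settled before choosing the accessor.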