
Ethereal-dev: Re: [Ethereal-dev] Can't open Sniffer trace

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 7 Jul 2003 14:06:56 -0700

On Monday, July 7, 2003, at 8:57 AM, Greg Morris wrote:

> Here are the same problem trace files in Lanalyzer format.

Well, they're Ethernet captures, but with a network type other than what we've seen in NetXRay/Windows Sniffer captures.

I have a change that treats the network type as a 1-byte field rather than a 2-byte field, and that checks the byte *after* the network type - if it's 2, it treats the network type as an NDIS type value, and if it's 0, it treats it as an NDIS type value - 1, which should handle all the captures with 0 the same as it always has, and treats your two captures as Ethernet.

I treat all other values for that byte as errors.

I don't know what significance, if any, that byte has.

I've attached a patch with the change.

BTW, there are some packets in the server capture (such as the first two) with an IP protocol type of 0xe0; any idea what they are? (There are also some SNAP packets with an OUI of 0x00000c, for Cisco, and a protocol ID of 0x2004; does anybody know what *those* are?)

Attachment: patch
Description: Binary data