Ethereal-dev: Re: [Ethereal-dev] Can't open Sniffer trace

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Mon, 7 Jul 2003 23:18:13 +0200
Guy Harris wrote:

>
>On Monday, July 7, 2003, at 8:57 AM, Greg Morris wrote:
>
>> Here are the same problem trace files in Lanalyzer format.
>
>Well, they're Ethernet captures, but with a network type other than 
>what we've seen in NetXRay/Windows Sniffer captures.
>
>I have a change that treats the network type as a 1-byte field rather 
>than a 2-byte field, and that checks the byte *after* the network type 
>- if it's 2, it treats the network type as an NDIS type value, and if 
>it's 0, it treats it as an NDIS type value - 1, which should handle all 
>the captures with 0 the same as it always has, and treats your two 
>captures as Ethernet.
>
>I treat all other values for that byte as errors.
>
>I don't know what significance, if any, that byte has.
>
>I've attached a patch with the change.
>
>BTW, there are some packets in the server capture (such as the first 
>two) with an IP protocol type of 0xe0; any idea what they are? 

NAI Sniffer shows IP proto 224 (0xe0) as "?"
So no clue there.

      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit
      IP:       .... ...0 = CE bit - no congestion
      IP: Total length    = 80 bytes
      IP: Identification  = 64689
      IP: Flags           = 0X
      IP:       .0.. .... = may fragment
      IP:       ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live    = 128 seconds/hops
      IP: Protocol        = 224 (?)
      IP: Header checksum = 3B45 (correct)
      IP: Source address      = [160.63.224.152]


> (There are also some SNAP packets with an OUI of 0x00000c, for Cisco, and a 
>protocol ID of 0x2004; does anybody know what *those* are?)

NAI Sniffer showed them like below. But as you see "Unknown DISL message type; 25 bytes uninterpreted"

- - - - - - - - - - - - - - - - - - - - Frame 21 - - - - - - - - - - - - - - - - - - - -
ISL: ----- ISL Protocol Packet -----
      ISL: 
      ISL: Destination Address               = 01000C0000
      ISL: Type                              = 0 (Ethernet)
      ISL: User                              = 0 (Normal)
      ISL: Source Address                    = 000912DB7B4B
      ISL: Length                            = 80
      ISL: Constant value                    = 0xAAAA03
      ISL: Vendor ID                         = 0x000912
      ISL: Virtual LAN ID (VLAN)             = 1
      ISL: Bridge Protocol Data Unit (BPDU)  = 1
      ISL: Port Index                        = 141
      ISL: Reserved
      ISL: 
ETHER: ----- Ethernet Header -----
      ETHER: 
      ETHER: Destination = Multicast 01000CCCCCCC
      ETHER: Source      = Station 000912DB7B4B
      ETHER: 802.3 length = 50
      ETHER: 
LLC:  ----- LLC Header -----
      LLC:  
      LLC:  DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
      LLC:  SSAP Address = AA, SSAP CR Bit = 00 (Command)
      LLC:  Unnumbered frame: UI
      LLC:  
SNAP: ----- SNAP Header -----
      SNAP: 
      SNAP: Vendor ID = Cisco1
      SNAP: Type = 2004 (DISL)
      SNAP: 
DISL: ----- Cisco Dynamic Inter-Switch Link (DISL) Packet -----
      DISL: 
      DISL: Version                = 1
      DISL: 
      DISL: Message type           = 0x0001 (Domain Name)
      DISL: Message length         = 11
      DISL: Management domain name = "KAPOZH"
      DISL: 
      DISL: Message type           = 0x0002 (Status)
      DISL: Message length         = 5
      DISL: Status flag = 04
      DISL:   0... .... = Operational state is not trunk
      DISL:   .... .100   = Configured state: port in default auto mode
      DISL: 
      DISL: Message type           = 0x0003 (Unknown)
      DISL: Message length         = 5
      DISL: Unknown DISL message type; 25 bytes uninterpreted
ADDR  HEX                                               ASCII
0000: 01 00 0c 00 00 00 00 09 12 db 7b 4b 00 50 aa aa | ....... .Û{K.P..
0010: 03 00 09 12 00 03 00 8d 00 00 01 00 0c cc cc cc | .. .............
0020: 00 09 12 db 7b 4b 00 32 aa aa 03 00 00 0c 20 04 | . .Û{K.2...... .
0030: 01 00 01 00 0b 4b 41 50 4f 5a 48 00 00 02 00 05 | .....KAPOZH.....
0040: 04 00 03 00 05 a5 00 04 00 0a 00 09 12 db 7b 4b | .....¥..... .Û{K
0050: 00 00 00 00 00 00 00 00 00 00 83 e1 26 93       | ...........á&.



- - - - - - - - - - - - - - - - - - - - Frame 51 - - - - - - - - - - - - - - - - - - - -
DISL: ----- Cisco Dynamic Inter-Switch Link (DISL) Packet -----
      DISL: 
      DISL: Destination Address    = 01000CCCCCCC
      DISL: Source Address         = 000BFDFF254C
      DISL: Message length         = 43
      DISL: ----- Pseudo LLC/SNAP Portion -----
      DISL: 
      DISL: LLC                    = 0xAAAA03
      DISL: SNAP Org ID            = 0x00000C (Cisco)
      DISL: 
      DISL: HDLC Protocol Type     = 0x2004
      DISL: Version                = 1
      DISL: 
      DISL: Message type           = 0x0001 (Domain Name)
      DISL: Message length         = 14
      DISL: Management domain name = "KAPOSIKA1"
      DISL: 
      DISL: Message type           = 0x0002 (Status)
      DISL: Message length         = 5
      DISL: Status flag = 03
      DISL:   0... .... = Operational state is not trunk
      DISL:   .... .011   = Configured state: port would like to become trunk
      DISL: 
      DISL: Message type           = 0x0003 (Unknown)
      DISL: Message length         = 5
      DISL: Unknown DISL message type; 14 bytes uninterpreted
ADDR  HEX                                               ASCII
0000: 01 00 0c cc cc cc 00 0b fd ff 25 4c 00 2b aa aa | ........ý.%L.+..
0010: 03 00 00 0c 20 04 01 00 01 00 0e 4b 41 50 4f 53 | .... ......KAPOS
0020: 49 4b 41 31 00 00 02 00 05 03 00 03 00 05 a5 00 | IKA1..........¥.
0030: 04 00 0a 00 0b fd ff 25 4c 00 00 00             | .....ý.%L...




- - - - - - - - - - - - - - - - - - - - Frame 52 - - - - - - - - - - - - - - - - - - - -
ISL: ----- ISL Protocol Packet -----
      ISL: 
      ISL: Destination Address               = 01000C0000
      ISL: Type                              = 0 (Ethernet)
      ISL: User                              = 0 (Normal)
      ISL: Source Address                    = 000BFDFF254C
      ISL: Length                            = 76
      ISL: Constant value                    = 0xAAAA03
      ISL: Vendor ID                         = 0x00000C
      ISL: Virtual LAN ID (VLAN)             = 1
      ISL: Bridge Protocol Data Unit (BPDU)  = 1
      ISL: Port Index                        = 0
      ISL: Reserved
      ISL: 
ETHER: ----- Ethernet Header -----
      ETHER: 
      ETHER: Destination = Multicast 01000CCCCCCC
      ETHER: Source      = Station 000BFDFF254C
      ETHER: 802.3 length = 43
      ETHER: 
LLC:  ----- LLC Header -----
      LLC:  
      LLC:  DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
      LLC:  SSAP Address = AA, SSAP CR Bit = 00 (Command)
      LLC:  Unnumbered frame: UI
      LLC:  
SNAP: ----- SNAP Header -----
      SNAP: 
      SNAP: Vendor ID = Cisco1
      SNAP: Type = 2004 (DISL)
      SNAP: 
DISL: ----- Cisco Dynamic Inter-Switch Link (DISL) Packet -----
      DISL: 
      DISL: Version                = 1
      DISL: 
      DISL: Message type           = 0x0001 (Domain Name)
      DISL: Message length         = 14
      DISL: Management domain name = "KAPOSIKA1"
      DISL: 
      DISL: Message type           = 0x0002 (Status)
      DISL: Message length         = 5
      DISL: Status flag = 03
      DISL:   0... .... = Operational state is not trunk
      DISL:   .... .011   = Configured state: port would like to become trunk
      DISL: 
      DISL: Message type           = 0x0003 (Unknown)
      DISL: Message length         = 5
      DISL: Unknown DISL message type; 18 bytes uninterpreted
ADDR  HEX                                               ASCII
0000: 01 00 0c 00 00 00 00 0b fd ff 25 4c 00 4c aa aa | ........ý.%L.L..
0010: 03 00 00 0c 00 03 00 00 00 00 01 00 0c cc cc cc | ................
0020: 00 0b fd ff 25 4c 00 2b aa aa 03 00 00 0c 20 04 | ..ý.%L.+...... .
0030: 01 00 01 00 0e 4b 41 50 4f 53 49 4b 41 31 00 00 | .....KAPOSIKA1..
0040: 02 00 05 03 00 03 00 05 a5 00 04 00 0a 00 0b fd | ........¥......ý
0050: ff 25 4c 00 00 00 6b 3b 30 54                   | .%L...k;0T
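
Added example (not part of the original message and not Ethereal's dissector code): a bounds-checked walk of the type/length/value records in Frame 51's hex dump, continuing past message type 0x0003 where the Sniffer decode stops. The record layout (2-byte type, then a 2-byte length that includes the 4-byte header) is inferred from the dump itself; `parse_disl` and `describe_status` are hypothetical names.

```python
import struct

# Frame 51, copied from the hex dump in the message above (60 bytes).
FRAME_51 = bytes.fromhex(
    "01 00 0c cc cc cc 00 0b fd ff 25 4c 00 2b aa aa"
    "03 00 00 0c 20 04 01 00 01 00 0e 4b 41 50 4f 53"
    "49 4b 41 31 00 00 02 00 05 03 00 03 00 05 a5 00"
    "04 00 0a 00 0b fd ff 25 4c 00 00 00")

SNAP_HDR = bytes.fromhex("aa aa 03 00 00 0c 20 04")  # LLC UI, OUI 0x00000c, type 0x2004
# Names and state strings are the ones the Sniffer decode above prints.
TLV_NAMES = {0x0001: "Domain Name", 0x0002: "Status"}
CONFIGURED = {3: "port would like to become trunk", 4: "port in default auto mode"}

def parse_disl(frame):
    """Return (version, [(type, name, value bytes), ...]) or raise ValueError."""
    if len(frame) < 14:
        raise ValueError("shorter than an 802.3 header")
    (length,) = struct.unpack_from("!H", frame, 12)
    end = 14 + length  # records stop here; anything after is padding or FCS
    if length > 1500 or length < len(SNAP_HDR) + 1 or end > len(frame):
        raise ValueError("802.3 length %d does not fit the captured frame" % length)
    if frame[14:22] != SNAP_HDR:
        raise ValueError("not SNAP OUI 0x00000c / type 0x2004")
    version, off, tlvs = frame[22], 23, []
    while off < end:
        if end - off < 4:
            raise ValueError("truncated record header at offset %d" % off)
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, off)
        # Assumed layout: the length covers the header, so < 4 would never advance.
        if tlv_len < 4 or off + tlv_len > end:
            raise ValueError("bad record length %d at offset %d" % (tlv_len, off))
        value = frame[off + 4:off + tlv_len]
        tlvs.append((tlv_type, TLV_NAMES.get(tlv_type, "unknown"), value))
        off += tlv_len
    return version, tlvs

def describe_status(value):
    """Split the 1-byte Status value as the decode above does: (is_trunk, configured)."""
    if len(value) != 1:
        raise ValueError("Status value must be exactly one byte")
    return bool(value[0] & 0x80), CONFIGURED.get(value[0] & 0x07, "unknown")

if __name__ == "__main__":
    version, tlvs = parse_disl(FRAME_51)
    print("version", version)
    for tlv_type, name, value in tlvs:
        print("type 0x%04x (%s): %s" % (tlv_type, name, value.hex()))
```

Bounding the walk by the 802.3 length field rather than the captured length keeps the three trailing pad bytes out of the record list, and the length checks reject a record that claims more data than the frame holds.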