Wireshark · Ethereal-users: Re: [Ethereal-users] Partial packets dump & crash

[Bart Braem <bart.braem@xxxxxxxxx>]

On Fri, 15 Oct 2004 00:19:53 -0700, Guy Harris <gharris@xxxxxxxxx> wrote:
> Bart Braem wrote:
> 
> > The click modular router is writing them in tcpdump format. They are
> > not containing any information regarding the ethernet header...
> 
> But what's the link-layer header type value in the file header?  It
> should be DLT_RAW if the packets have only an IP header.
> 

You're right currently it's DLT_EN10MB. That should be changed, right?

> > It's quite easy actually: select one packet in the time-ordered list
> > and select decode. In that menu change to no decoding and confirm.
> > Voila, crashed.
> 
> I.e., select "Do not decode" in the "Decode As" dialog box?  Which tab
> is selected - Network, or Transport?
> 

I only have one tab, the link tab (which contains "Ethertype 0xc0a8
as"). Then selecting do not decode and hitting enter/pressing ok
crashes Ethereal.

I hope this gives you enough information, I think I know enough to
solve the missing ethernet header in the Click sources. Don't hesitate
to contact me regarding the crash however.

Thanks
Bart
-- 
"May the source be with you"