https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5244
--- Comment #11 from Jason Masker <jason@xxxxxxxxxx> 2010-09-23 05:42:11 PDT ---
(In reply to comment #10)
> Also, in the case of my headers the incoming/outgoing bit switch is clearly in
> the fourth octet of the unknown field after the timestamp. In the type II
> headers I've looked at it appears this switch is in the first octet of the last
> unknown header. Has anyone seen captures where the switch appears higher in the
> header where it is currently decoded? I do see this switch flipped in some
> cases, but it does not indicate direction in any of the captures from my
> devices.
I take that back. I just did a capture from a 6500 which does use the currently
decoded incoming/outgoing bit. However, on the 1000v when a capture is set to
'header-type 2' the incoming/outgoing indicator is definitely the second most
significant bit of the field currently marked unknown4. Perhaps the 6500 is
sending a Type I header? The four bits in the ERSPAN header are '0001' for type
2 on the 1000v and '0010' for type 3. ERSPAN from the 6500, which does not
allow setting the header type and sends the older style headers, also sets
these bits to '0001'. I had assumed this was the header-type indicator but that
doesn't explain why 'header-type 2' from 1000v and the header from the 6500
seem to move the direction bit.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
