https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7247
--- Comment #3 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-05-14 06:10:21 PDT ---
Created attachment 8432
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8432
Fix dissecting packets where sll link layer is not padded with 0s
(In reply to comment #0)
> I am using tshark 1.4.6 on an Ubuntu server to capture traffic on my network.
> Once the traffic is captured, I transfer the -w file output to my workstation,
> where I then import it to Wireshark version 1.6.2. The issue I have noticed is
> that if I do a capture on a single interface, everything looks normal, If i do
> a capture using -i any I get a pile of IPX traffic, in which the source in the
> Linux Cooked Capture may or may not have a mac address that is a device
> registered to my network, but in the Internetwork Packet Exchange, neither the
> source or destination mac addresses are registered to my network. They are BOTH
> machines that I do not have in my network at all. I posted this question on a
> fourm, and they suggested that I open a bug report to see if it was an issue in
> Wireshark.
These packets are incorrectly dissected as IPX traffic.
It looks like that Link-layer address in not padded with 0-s.
Attaching patch should fix it. But bug is somewhere else.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
