Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] AppleTalk fix?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 16 Nov 2006 18:35:09 +0100 (CET)
Hi,

If you can check this, that is great. I've no knowledge of this protocol
nor access to the resources you have.

I found this in a customer trace. I also look them over for anomalies,
This was one of them. Maybe I can pick up some more information when I get
on site.

What does ATALK_PS80211 2D-3 for anyway? Is it a device or AP?

Thanx,
Jaap

On Thu, 16 Nov 2006, didier wrote:

> Hi,
> Le jeudi 16 novembre 2006 ?? 17:31 +0100, Jaap Keuter a ??crit :
> > Hi,
> >
> > See for yourself in the attached capture.
> >
> Thanks, seems to be a trailer cf the 802.3 ethernet packet, I've double
> check with Inside Appletalk, netatalk source code and an OS9 capture,
> all of them use 1 byte + 4 bytes, follow by the zone name.
> What is it? A Zyxel NAS or router? If ATALK_PS8011 2D-3 is really your
> zone name it could be a bug in the router.
>
> Didier
> > Thanx,
> > Jaap
> >
> > On Thu, 16 Nov 2006, didier wrote:
> >
> > > Hi,
> > > Le jeudi 16 novembre 2006 ?? 10:36 +0100, Jaap Keuter a ??crit :
> > > > Hi,
> > > >
> > > > This is a patch for AppleTalk, at least to make one of my captures with
> > > > ZIP (GetNetInfo request) to work. Current dissector misses the Zone
> > > > UINT_STRING by one. At least I assume that it's the Zone string, could be
> > > > an additional string as well.
> > > >
> > > Doesn't seem right.
> > >
> > > >From where these packets are coming? Small capture?
> > > > Index: packet-atalk.c
> > > > ===================================================================
> > > > --- packet-atalk.c	(revision 19908)
> > > > +++ packet-atalk.c	(working copy)
> > > > @@ -1633,8 +1633,8 @@
> > > >        break;
> > > >
> > > >    case 5 :  /* GetNetInfo request */
> > > > -      proto_tree_add_item(zip_tree, hf_zip_zero_value, tvb, offset, 1, FALSE);
> > > > -      offset++;
> > > > +      proto_tree_add_item(zip_tree, hf_zip_zero_value, tvb, offset, 2, FALSE);
> > > > +      offset += 2;
> > > >        proto_tree_add_item(zip_tree, hf_zip_zero_value, tvb, offset, 4, FALSE);
> > > >        offset += 4;
> > > >        proto_tree_add_item(zip_tree, hf_zip_zone_name, tvb, offset, 1,FALSE);
> > > >
> > > > Anyone knowledgeable about AppleTalk wish to give their insight?
> > > >
> > > > Thanx,
> > > > Jaap
> > > >
> > > Didier
> > >
> > >
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > Wireshark-dev@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > >
> > >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>