Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Roofnet Dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Nicola Arnoldi <nicola.arnoldi@xxxxxxxxxxxx>
Date: Sat, 16 Dec 2006 14:18:43 +0100
Ok guys, the dissector Sebastien sent a few messages ago was perfect.

Anyhow, I just can decode the roofnet header, and not the data field
contained in it.

Can you help me?

Nicola

Il giorno gio, 14/12/2006 alle 13.18 +0100, Nicola Arnoldi ha scritto:
> On lun, 2006-12-11 at 13:01 +0100, Sebastien Tandel wrote: 
> > Hi Nicola,
> > 
> > 
> >    I've written the first version of the dissector. It only does not
> > send data to others dissectors for the moment.
> > I've ran it against your capture file and checked some packets.  I've
> > seen two roofnet nodes : 5.175.114.207, 5.175.113.111, is it right?
> > 
> >   But ... yes, there is one :) ... see the following
> > 
> > Obviously, roofnet has several ethernet types. It uses at least 0x0641,
> > 0x0643, 0x0644 and 0x0645. It seems like if each of these types
> > identifies one roofnet packet type.
> > 
> > To what I've seen there are :
> > - 2 packets 0x0644 identified as data and broadcasted, one for each node.
> > - 1 packet 0x0645 identified as a reply
> > - a bunch of 0x0643 packets identified as data ... obviously the TCP
> > connection
> > - and 4 packets 0x0641 with a roofnet type of *0* which is not possible
> > with the definition you provide me
> > Is it the query type?
> 
> The EtherType is modified by the Click router, so don't worry about
> that. The Hex value would be perfect! 
> > 
> > Another thing, looking at the version field. I noticed it was not the
> > same for all the packets!
> > 0x0643, 0x0644 and 0x0645 = 12
> > and again *0x0641* = 4
> > 
> > Furthermore if length data field seems to be correct ... cksum does not
> > seem to be computed for each frame :-/
> 
> No, the checksum is not yet computed. Roofnet is still in its infancy
> and our implementation is really ... experimental. 
> 
> A clarification on the 'next' field.
> 'Next field' is an integer which tells which of the N hops has to be
> considered the next and is updated at each relaying node.
> 
> Forward is a link metric in the forward direction on a certain link (you
> see that this value is present for each link contained in roofnet
> header).
> The same happens for rev, which is a forward metric.
> 
> NOTE THAT THEY ARE NOT IP ADDRESSES
> 
> NICOLA
> 
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube