Hello again guys,
Sorry for the delay. The procedure Sake Block recommended didn't work.
I first thought it was because there was a trailer, so I tried with
trailer sized 1,2,3 and four (see the packet to see why), but this
didn't work.
There seem to be a bug in DLT_USER configuration page, which make
random characters appear in the "payload" field (it seem to me the
characters are coming from the capture, but I am not sure. I attach a
screenshot, can make more if you need it.
I also attached a sample http packet. I found a packet with as much
clear text as possible, tell me if you need more. This particlular
packet was not classified as LLC, but many others were.
Thank you again for your help.
Aleksander
Siterer Aleksander Veksler <veksler@xxxxxxxxxxxx>:
Siterer Joerg Mayer <jmayer@xxxxxxxxx>:
On Fri, Sep 07, 2007 at 12:23:54AM +0200, Aleksander Veksler wrote:
Anyone have tips on how you loose a few bytes? I get 12 bytes between
the Ethernet header and IP header. This means that wireshark does not
recognize the IP header as, and I can't use any of the wireshark's
advanced features.
Anyone know how to get rid of those bytes, or perhaps what they are?
* My card is Intel Pro/Wireless 3945ABG
* The wireless switch is D-Link DIR-635
* The problem only happens in promiscuous mode, and only to the
packets not directed to my computer
* I attach picture of a window of a sample http packet
* Please help :)
Actually it looks like this packet might have a third mac at the beginning:
Is the length of 02 d7 really correct? Sending a packet would have
helped more than the image you sent and have been smaller.
After the third mac it looks to me that there is an ordinary LLC/SNAP
header.
The LLC dissector attempted to dissect the first 4 bytes, right after
ethernet length. Again, I will have to send full data on Monday.
Thank you for the help!
Ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
�ò������������������������F��������������~������.I�������������E��Ԋ�@�+�TB�R��
����P�j�ڶ�� C�P��^�o��EEEEE;
color: #FFFFFF;
font: 11px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;
white-space: nowrap;
}
.vbmenu_hilite a:link
{
color: #000000;
text-decoration: none;
}
.vbmenu_hilite a:visited
{
color: #000000;
text-decoration: none;
}
.vbmenu_hilite a:hover, .vbmenu_hilite a:active
{
color: #000000;
text-decoration: none;
}
/* ***** styling for 'big' usernames on postbit etc. ***** */
.bigusername { font-size: 14pt; }
/* ***** small padding on 'thead' elements ***** */
td.thead, div.thead { padding: 4px; }
/* ***** basic styles for multi-page nav elements */
.pagenav a { text-decoration: none; }
.pagenav td { padding: 2px 4px 2px 4px; }
/* ***** define margin and font-size for elements inside panels ***** */
.fieldset { margin-bottom: 6px; }
.fieldset, .fieldset td, .fieldset p, .fieldset li { font-size: 11px; }
.navbluebg
{
background: #5F6A79 url(skynetimages/misc/navbluebg.gif) repeat-x top left;
color: #FFFFFF;
font: bold 10px verdana, arial, helvetica;
}
.footerblue
{
background: #5F6A79 url(skynetimages/misc/footerblue.gif) repeat-x top left;
color: #FFFFFF;
font: bold 10px verdana, arial, helvetica;
}
/* ***** don't change the following ***** */
form { display: inline; }
label { cursor: default; }
.normal { font-weight: normal; }
.inlineimg { vertical-align: middle; }
-->
</style>
<!-- / CSS Stylesheet -->
<script typ)=�8Attachment:
bug_1.PNG
Description: PNG image
Attachment:
bug_2.PNG
Description: PNG image
