On 09/14/2010 10:46 PM, Sake Blok wrote:
On 14 sep 2010, at 22:25, Stephen Fisher wrote:
On Tue, Sep 14, 2010 at 03:07:15PM -0500, Gaudineer, Kevin wrote:
All of these traces are showing that the OSPF LS update packets are
malformed.
Is it possible because of the way I did the capture that this is the
reason for the maformed packet showing?
Either that, or perhaps Wireshark isn't recognizing a valid packet
properly. It's also possible that the entire packets aren't being
captured (a snapshot length setting), but typically that limitation is
recorded in the pcap file.
Looks like that is indeed the problem:
Frame 3: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
and then in the middle of the LS details, the dissection stops...
OSPF LS packets are usually larger. So the 64 bytes on wire is quite misleading
Cheers,
Sake
... so call up Nortel and tell them to fix the pcap tool to write valid pcap
info, with real bytes on the wire values.
Thanks,
Jaap
