Hi,
I had to dump some RFC2684 atm bridge interfaces for a customer. We
often have some strange messages :
09:09:43.262575 77:9c:7d:60:8:0 c:3f:b4:8:0:0 4500 401:
0183 df1d 0000 7111 96fb 527f 2537 d50b
858f 7325 18ca 016f 36a5 474e 4403 aa2e
0101 789c 9ba2 c714 e861 e421 e01e daa8
fedc d6ea ef23 d5bb d353 7f85 fa3d 13f7
60f3 730c aa57 353f 25e1 c012 16e4 18e5
e8c1
It seems tcpdump looses the link header (2bytes) and that consequently
the whole packet reading is shift. We've found that because we know that
the source mac address is :
00:00:77:9c:7d:60
Furthermore, the protocol is 0800 thus explaining the last 2 bytes of
the MAC address.
Same problem occurs when testing it on an ATM clip interface.
This is weird but it does only occur on some packets mainly TCP one (as
we can guess from packet content) other are correctly parsed.
Is this a known problem ?
We've tested with a old 2.7.x and with the last 2.8.3. As it is a
production environnement I can not try CVS.
BR,
--
Éric Leblond, [EMAIL PROTECTED]
Téléphone : 01 44 89 46 40, Fax : 01 44 89 45 01
INL, http://www.inl.fr
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
