> On Tue, Jul 30, 2002 at 11:39:48AM +1000, ALEX LAM wrote:
> > Attached is a sniffer trace that will hang 0.9.5 because the protocol
> > field in the IP header (0x47) is bad.
>
> Well, when I try running the current CVS version, it reports
>
> The file "/tmp/TEST4.bad.dat" is a capture for a network type that Ethereal doesn't support.
>
> and prints to the console
>
> Message: pcap: network type 120 unknown or unsupported
>
> That network type wasn't supported in 0.9.5, either; I have the
> description of the Aironet header, but I don't yet know what all the
> fields in it are.

Sorry... 120 is a network type I hacked into ethereal 0.9.5 to support my frame
format. It is Aironet header, but with more proprietary stuff... To reproduce
the hanging effect with the CVS version, one will need to hexedit a good capture
with an invalid protocol number...

> > In fact, parts of the IP header are erroneous. Everything works fine when I change 0x47 from the erroneous 0x2e to 0x11 (UDP)
> > Perhaps ethereal should stop parsing when it realises that the packet is
> > erroneous.
>
> Or perhaps it should have the bugs that cause it to loop when it sees
> bad data fixed, so that if erroneous packets are captured, but fields
> *following* the erroneous field are invalid, it can, if possible, still
> dissect those fields, in case they have useful information to whoever's
> trying to debug the problem causing erroneous packets to be transmitted.

Hmmm... yes, that makes sense... perhaps ethereal should have the option for allowing
the user to decide whether parsing should or should not stop once an error is encountered...

Alex
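
As an added illustration of the approach argued for in the thread (flag the bad field, keep dissecting what follows it, and never loop), here is a minimal C sketch. It is not Ethereal's code; the function, struct and flag names and the sample packet are constructed for this example, and it assumes UDP is the only payload handler, so any other protocol value is treated as having no handler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_UDP    0x11   /* the only payload handler in this sketch */
#define FLAG_SHORT   0x1u   /* buffer ends before a field we need */
#define FLAG_NOPROTO 0x2u   /* protocol byte has no handler here */

struct ip_result {
    uint8_t  proto;
    uint32_t src, dst;      /* host byte order */
    uint16_t sport, dport;  /* filled in only for a complete UDP header */
    size_t   data_len;      /* bytes after the IP header left as raw data */
    unsigned flags;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Dissect one IPv4 packet: no loops, every read bounds-checked, and a bad
 * field is flagged rather than ending the dissection. */
struct ip_result dissect_ipv4(const uint8_t *pkt, size_t len)
{
    struct ip_result r = {0};
    if (len < 20) { r.flags = FLAG_SHORT; return r; }
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    r.proto = pkt[9];
    r.src = rd32(pkt + 12);  /* fields after the protocol byte are decoded */
    r.dst = rd32(pkt + 16);  /* whatever value that byte holds */
    if (hlen < 20 || hlen > len) { r.flags = FLAG_SHORT; return r; }
    r.data_len = len - hlen;
    if (r.proto != PROTO_UDP) { r.flags = FLAG_NOPROTO; return r; }
    if (r.data_len < 8) { r.flags = FLAG_SHORT; return r; }
    r.sport = rd16(pkt + hlen);
    r.dport = rd16(pkt + hlen + 2);
    r.data_len -= 8;
    return r;
}

/* Constructed sample: IPv4 + UDP, 10.0.0.1:1234 -> 10.0.0.2:53, no payload. */
static uint8_t sample[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,
    0x04, 0xd2, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 };

int main(void)
{
    sample[9] = 0x2e;   /* the protocol value from the thread */
    struct ip_result r = dissect_ipv4(sample, sizeof sample);
    printf("flags=%u src=%08x data=%zu\n", r.flags, (unsigned)r.src, r.data_len);
    return 0;
}
```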
