On Thu, Jan 16, 2003 at 08:22:35PM +0300, Vladimir Lancov wrote:
> 1. If anybody knows, tell me please where can I find description of Ethereal's
> capture file format (libpcap file)?

        http://www.tcpdump.org/lists/workers/2002/04/msg00096.html

> 2. After sniffing RealPlayer, Ethereal produces console window with repeating
> messages: "Frame 226: rtsp: unknown transport".
> What does that mean?

It means that

        1) the network trace includes RTSP packets that specify a
           transport that doesn't begin with "rtp/" (which means
           Ethereal doesn't understand how to specify that subsequent
           traffic on a connection set up with that RTSP packet should
           be dissected as a particular type of traffic)

and

        2) the author of the RTSP dissector decided to have it print out
           a warning to note that.

> What to do with it?

        1) remove the warning, and just have
           "rtsp_create_conversation()" silently return;

        2) figure out how to handle that transport.

> 3. Why Ethereal's protocol dissector doesn't recognize Yahoo Messenger
> protocol (YMSG) packets, despite its presence in protocol list?

Because those packets either

        1) aren't being sent to or from the port the dissector thinks is
           the Yahoo port (port 5050)

and

        2) aren't at the beginning of TCP segments or don't begin with
           "YPNS" or "YHOO"

or

        3) take more than one TCP segment, in which case the first TCP
           segment will be recognized *IF* the packet starts at the
           beginning of the segment (and begins with "YPNS" or "YHOO")
           but subsequent segments won't be recognized.
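
A triage helper for the reasons listed in the reply above, as an added example that is not part of the original message and is not Ethereal's dissector code: it reports which of those reasons apply to a given TCP segment. The struct, the flag names and the sample segments are hypothetical and constructed; only port 5050 and the "YPNS"/"YHOO" prefixes come from the message.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define YMSG_PORT 5050          /* port named in the reply above */

/* Reasons from the reply, as bit flags (flag names are hypothetical). */
enum {
    YMSG_WRONG_PORT = 1 << 0,   /* reason 1: neither end is port 5050 */
    YMSG_NO_MAGIC   = 1 << 1    /* reasons 2/3: no "YPNS"/"YHOO" at offset 0 */
};

/* One captured TCP segment (hypothetical struct, not an Ethereal type). */
struct tcp_segment {
    uint16_t srcport, dstport;
    const uint8_t *payload;
    size_t len;
};

/* Return the set of reasons this segment would not look like YMSG; 0 = none. */
unsigned ymsg_diagnose(const struct tcp_segment *s)
{
    unsigned why = 0;

    if (s->srcport != YMSG_PORT && s->dstport != YMSG_PORT)
        why |= YMSG_WRONG_PORT;

    /* Length check first, so a short segment is never read past its end. */
    if (s->len < 4 ||
        (memcmp(s->payload, "YPNS", 4) != 0 &&
         memcmp(s->payload, "YHOO", 4) != 0))
        why |= YMSG_NO_MAGIC;

    return why;
}

/* Constructed sample data: one message split across two TCP segments. */
static const uint8_t seg1[] = "YHOO....first part of a message that is lo";
static const uint8_t seg2[] = "nger than a single segment";

const struct tcp_segment sample_first = { 40000, 5050, seg1, sizeof seg1 - 1 };
const struct tcp_segment sample_cont  = { 40000, 5050, seg2, sizeof seg2 - 1 };
const struct tcp_segment sample_moved = { 40000, 8080, seg1, sizeof seg1 - 1 };
const struct tcp_segment sample_short = { 5050, 40000, (const uint8_t *)"YH", 2 };
```

`sample_cont` is the case from point 3: the continuation segment is on the right port but carries no prefix, so only the first segment of the message is flagged clean.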
