To: Wireshark-users@wireshark.org
Subject: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
I must be missing something obvious, so hopefully there's an easy answer.
I'm testing Cisco's ip traffic-export (http://tinyurl.com/3yalw4) feature
on a spare 7206VXR. I've
] Decoding packets from a Cisco's ip
traffic-export flow
Frank Bulk wrote:
Thanks! Did you use bittwiste with the '-D' option to remove the first 24
bytes?
Actually: I did it the hard way using Wireshark export, an editor and
then text2pcap. :)
(It's only the first 12 bytes that need to be removed
-users] Decoding packets from a Cisco's ip
traffic-export flow
On Sat, Mar 01, 2008 at 10:30:16AM -0600, Frank Bulk wrote:
Thanks for your willingness to look at this. I'm glad to have a tool like
Wireshark because I can't interpret the raw packets. =)
Attached are three ping packets that my
: Sake Blok [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 02, 2008 8:21 AM
To: [EMAIL PROTECTED]; Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
On Sat, Mar 01, 2008 at 03:58:31PM -0600, Frank Bulk wrote:
I used bittwiste
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Young
Sent: Sunday, March 02, 2008 9:55 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
Bill Meier [EMAIL PROTECTED] 2008-03-02 09:28
On additional note: Looking
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
Good catch!
I used that information to put together a batch file that repairs all the
entries in the packet flow that I have. It came down to 4 different cases.
I basically end up stripping out the PPPoE section
On Sat, Mar 01, 2008 at 10:30:16AM -0600, Frank Bulk wrote:
Thanks for your willingness to look at this. I'm glad to have a tool like
Wireshark because I can't interpret the raw packets. =)
Attached are three ping packets that my Wireshark PC caught. The info line
complains Bogus IP length
On Sat, Mar 01, 2008 at 03:58:31PM -0600, Frank Bulk wrote:
I used bittwiste to remove the first 12 bytes of the attached packet capture
that included a variety of traffic, and you'll see that some packets are
fine, but others, such as 4, 7, 8, etc are not.
Can anyone make sense of it?
As
Sake Blok wrote:
I think it *is* a cisco bug...
I tried to open the bug-tracker, but it seems to be offline at
the moment. I think you should open a case with the Cisco-TAC
for this issue. Feel free to use my analysis in the report.
(if my assumptions on addresses were correct of
Frank Bulk wrote:
Thanks for your willingness to look at this. I'm glad to have a tool like
Wireshark because I can't interpret the raw packets. =)
Attached are three ping packets that my Wireshark PC caught. The info line
complains Bogus IP length (8, less than header length 24).
I see
]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Meier
Sent: Saturday, March 01, 2008 11:24 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
Frank Bulk wrote:
Thanks for your willingness to look at this. I'm glad to have
Frank Bulk wrote:
Ethernet hdr specifying type 0x0800 [IP]
00 12 79 63 1a 8c 00 30 b6 53 00 06 08 00
20 unknown (to me) bytes
b6 53
0010 00 08 00 01 4a 9e 0e 06 88 64 11 00 00 06 00 3e
0020 00 21
looks like a good ip hdr icmp
Frank Bulk wrote:
Thanks! Did you use bittwiste with the '-D' option to remove the first 24
bytes?
Actually: I did it the hard way using Wireshark export, an editor and
then text2pcap. :)
(It's only the first 12 bytes that need to be removed).
The from in your modified capture
:[EMAIL PROTECTED]
Sent: Saturday, March 01, 2008 12:13 PM
To: [EMAIL PROTECTED]; Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
Frank Bulk wrote:
Ethernet hdr specifying type 0x0800 [IP]
00 12 79 63 1a 8c 00 30