> >If that's checking for the OUI in the mostly-looks-like-Ethernet-plus-802.2-
> >plus-SNAP header, I have a trace here (sent to one of the Ethereal
> >mailing lists, I think) where the HSA field (which is in the position
> >that would correspond to the OUI field in that header) has the value
> >0x00107b, rather than 0x00000c...
> >I have another one with 0050d1, ...
>
> Bummer. I guess it's not surprising that Cisco's web page about
> how it works is wrong where it says "This field must be 0x00000c".
Maybe I'm misunderstanding something - but I believe ISL encapsulation
can still be determined from 40 bits of the destination address field
pluss DSAP = SSAP = 0xaa. What is *inside* the ISL encapsulated packet
is another matter entirely - I'm not the least bit surprised that Cisco
has several OUIs since they have bought up several other manufacturers
of LAN equipment (eg. Kalpana, Crescendo).
Thus I believe 0x00107b or 0x0050d1 in the HSA field is not a problem,
since this field is not used to determine whether this is an ISL packet
or not.
Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
