On Jan 30, 2008, at 11:00 AM, Daniel Koepke wrote: > Sorry for the delay, was pulled in different directions > > Here is a sample of the scan taken today
How did you do that capture? With what type of machine are you capturing? At least some of the packets appear to have been damaged in the process of capturing. The first packet, for example, has an Ethernet type field value of 0, which is not a valid type value (or length value) - Wireshark interprets that as Fibre Channel because of the way some Cisco equipment works (I think some Cisco Fibre Channel equipment can dump internal traffic, and it looks like Ethernet traffic with an all-zero type field). The third packet has an Ethernet type value of 0xffff, which is also not a valid type value (or length value). The first byte *after* the bogus Ethernet type values in those packets is 0x45 in both packets, so they look as if they might be IP packets - and, if I use the Analyze > Decode As menu item to force Wireshark to decode 0xffff as IP, those packets, at least, are IP packets; unfortunately, as the Ethernet type value for those packets isn't the type value for IP, so Wireshark (correctly) doesn't decode them as IP packets by default. Perhaps there's something wrong with the hardware you used to capture the traffic, or with the low-level software doing the capture (OS, drivers, etc.). _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
