Ethereal-dev: [ethereal-dev] Ethereal 0.8.4: Viewing IPIP inner packet in packet list, not out

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Santeri Paavolainen <santtu@xxxxxxx>
Date: Mon, 27 Mar 2000 17:38:49 +0300 (EEST)
This was tested on Linux 2.2.14 machine while looking at tunneled IP (in
IPSEC AH tunnel).

Problem: When viewing a list of captured packets in ethereal (the
upper pane), it displays the *inner* headers, not the outer
(transport) headers. This seems to me quite wrong: you want to see the
headers of the packet you captured, not what is inside it..

That is, from the following packet the packet list shows the IPIP
portion, not the first part, which OTOH is used for filter matches,
not the inner.. Maybe the display logic just takes the later decoded
IP header without taking into account that it might not be the outer
IP header, which is the one it wants really to display?

Frame 4 (526 on wire, 526 captured)
    Arrival Time: Mar 27, 2000 17:31:37.4275
    Time delta from previous packet: 0.000000 seconds
    Frame Number: 4
    Packet Length: 526 bytes
    Capture Length: 526 bytes
Ethernet II
    Destination: 00:00:e8:6c:f8:1b (00:00:e8:6c:f8:1b)
    Source: 08:00:20:c0:c8:fb (Sun_c0:c8:fb)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Currently Unused: 0
    Total Length: 512
    Identification: 0x1cf9
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 240
    Protocol: AH (0x33)
    Header checksum: 0x25aa (correct)
    Source: xxxx.ssh.fi (192.168.2.xx)
    Destination: yyyy.ssh.fi (192.168.2.yy)
Authentication Header
    Next Header: IPIP (0x04)
    Length: 16
    SPI: 0xd5840c25
    Sequence: 0x0000000e
    ICV
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Currently Unused: 0
    Total Length: 468
    Identification: 0x30c6
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 370
    Time to live: 62
    Protocol: ICMP (0x01)
    Header checksum: 0xb29b (correct)
    Source: 192.168.10.2 (192.168.10.2)
    Destination: 192.168.11.3 (192.168.11.3)
Data (448 bytes)

-- 
santtu@xxxxxx                    I have become death, destroyer of the worlds.