[Uwe Girlich <Uwe.Girlich@xxxxxxxxxxx>]

Hello!

On Mon, Jul 24, 2000 at 11:32:15PM -0700, Guy Harris wrote:
> If Ethereal can't read that capture file, that's a bug; it not only
> includes code to handle 0xa1b2cd34, it even includes code to attempt to
> handle earlier versions of Kuznetzov's patches (as appear in, for
> example, Red Hat 6.1) which change the layout but do *not* change the
> magic number.
> 
> What happened when you tried to read it with Ethereal?
It detects the "modified libpcap" but interprets the content totally wrong
(one malformed IEEE frame, popup-window: the capture file appears to be
damaged or corrupt).

I attach the (gzipped) trace and the patch SuSE made on tcpdump.
Oh, and I had it wrong first, the SuSE tcpdump sees now also all loopback
packets twice.

> > Something like dissect_padding() in dissect_ip() to mark the bytes behind the
> > IP data as padding would be nice.
> This was suggested earlier; I'd like to come up with some way not to
> oblige dissectors above the Ethernet dissector to know about this, as
> 	1) the padding is a characteristic of Ethernet, not of IP or IPX
> 	   or..., so dissectors above Ethernet shouldn't be the ones to
> 	   handle it;
But dissect_ethernet() has no knowledge over the actual length of the data.

Bye, Uwe

Attachment: zup.gz
Description: application/gunzip

Attachment: linux-ping.gz
Description: application/gunzip