Ethereal-dev: [Ethereal-dev] IS-IS CLNP decoding of ethereal vs sniffer
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Zuidweg, R (Rob)" <zuidweg@xxxxxxxxxx>
Date: Tue, 19 Dec 2000 13:23:02 +0100
L.S. A question regarding CLNP packet decoding. I'm using ethereal to troubleshoot IS-IS networks and found that CLNP error reports are decoded differently between ethereal and NAI's sniffer. In case of a destination unknown package, the sniffer decodes the CLNP error-report PDU as well as the CLNP data PDU. Ethereal only decodes the error report PDU. In order to find out the original SA and DA decoding of the data PDU is also required. Is it a bug that after the first cnlp packet in a frame other cnlp packets are no longer decoded, or is this a design choice? One other unrelated question is: what is the function of the plugins? Is there any documentation on either plugin types or formats to create your own? I'll include the following files to show the difference in decoding for ethereal and sniffer erpdu.etr CLNP error report in libpcap format ernpdu.txt decoded tect by ethereal sniffer.txt decoded text by sniffer <<ernpdu.etr>> <<ernpdu.txt>> <<sniffer.txt>> With kind regards, Rob Zuidweg Lucent Technologies O Customer Technical Support -SDH * +31 35 687 5328 * +31 35 687 5971 FAX * +31 35 687 1555 Help Desk *mailto:zuidweg@xxxxxxxxxx * P.O. Box 18 Botterstraat 45 1270 AA Huizen The Netherlands
Attachment:
ernpdu.etr
Description: Binary data
Frame 41620 (140 on wire, 140 captured) Arrival Time: Oct 26, 2000 11:04:00.6878 Time delta from previous packet: 0.000000 seconds Frame Number: 41620 Packet Length: 140 bytes Capture Length: 140 bytes IEEE 802.3 Destination: 00:60:b0:b6:ea:0a (00:60:b0:b6:ea:0a) Source: 00:60:1d:0f:02:25 (00:60:1d:0f:02:25) Length: 126 Logical-Link Control DSAP: ISO Network Layer (0xfe) IG Bit: Individual SSAP: ISO Network Layer (0xfe) CR Bit: Command Control field: U, func = UI (0x03) 000. 00.. = Unnumbered Information .... ..11 = Unnumbered frame ISO 8473 CLNP ConnectionLess Network Protocol Network Layer Protocol Identifier: CLNP (0x81) HDR Length : 58 Version : 1 Holding Time : 50 (25 secs) PDU Type : 0x01 (ER) PDU length : 123 Checksum : 0x0000 DAL : 20 DA : [39|00:00][80|00:00:00|00:00][00:00|10:10][00:60:b0_b6:ea:0a][01] SAL : 20 SA : [39|00:00][80|00:00:00|00:00][00:00|10:00][00:60:1d_0f:02:25][00] ### Option Section ### Priority : 0 Reason for discard {Address} : Destination Address unknown, in field 0 Data (65 bytes) 0 0060 b0b6 ea0a 0060 1d0f 0225 007e fefe .`.....`...%.~.. 10 0381 3a01 3201 007b 0000 1439 0000 8000 ..:.2..{...9.... 20 0000 0000 0000 1010 0060 b0b6 ea0a 0114 .........`...... 30 3900 0080 0000 0000 0000 0010 0000 601d 9.............`. 40 0f02 2500 cd01 00c1 0281 0081 3c01 32bc ..%.........<.2. 50 0041 0000 1439 0000 8000 0000 0000 0000 .A...9.......... 60 1010 0060 1d0f 01fb 0114 3900 0080 0000 ...`......9..... 70 0000 0000 0010 1000 60b0 b6ea 0a01 9b6e ........`......n 80 0000 0041 cd01 0004 62f6 037b ...A....b..{
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - - Frame Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary 1 39000080000000000 39000080000000000 140 000:00:00.000 0.000.000 26-10-2000 11:04:00 CLNP: Error Report D=390000800000000000000010100060B0B6EA0A01, S=3900008000000000000000100000601D0F022500 DLC: ----- DLC Header ----- DLC: DLC: Frame 1 arrived at 11:04:00.0000; frame size is 140 (008C hex) bytes. DLC: Destination = Station 0060B0B6EA0A DLC: Source = Station 00601D0F0225 DLC: 802.3 length = 126 DLC: LLC: ----- LLC Header ----- LLC: LLC: DSAP Address = FE, DSAP IG Bit = 00 (Individual Address) LLC: SSAP Address = FE, SSAP CR Bit = 00 (Command) LLC: Unnumbered frame: UI LLC: CLNP: ----- ISO Network Layer ----- CLNP: CLNP: Protocol ID = 81 (ISO Connectionless Network Protocol) CLNP: Header length = 58 CLNP: Version / Protocol ID extension = 01 CLNP: Remaining PDU lifetime is 25.0 seconds CLNP: Flags/type byte = 01 CLNP: 0... .... = Segmentation not permitted CLNP: .0.. .... = Last segment CLNP: ..0. .... = Error not reported if frame discarded CLNP: ...0 0001 = Error report PDU CLNP: Segment length = 123 CLNP: Checksum = 0000 CLNP: Destination address : CLNP: Length = 20 CLNP: Format = 39 (ISO DCC Binary) CLNP: Address = 390000800000000000000010100060B0B6EA0A01 CLNP: Source address : CLNP: Length = 20 CLNP: Format = 39 (ISO DCC Binary) CLNP: Address = 3900008000000000000000100000601D0F022500 CLNP: PDU priority is 0 CLNP: Reason for discard = 81 (Destination unknown) CLNP: CLNP: CLNP: ----- ISO Network Layer ----- CLNP: CLNP: Protocol ID = 81 (ISO Connectionless Network Protocol) CLNP: Header length = 60 CLNP: Version / Protocol ID extension = 01 CLNP: Remaining PDU lifetime is 25.0 seconds CLNP: Flags/type byte = BC CLNP: 1... .... = Segmentation permitted CLNP: .0.. .... = Last segment CLNP: ..1. .... = Report error if frame discarded CLNP: ...1 1100 = Data PDU CLNP: Segment length = 65 CLNP: Checksum = 0000 CLNP: Destination address : CLNP: Length = 20 CLNP: Format = 39 (ISO DCC Binary) CLNP: Address = 3900008000000000000000101000601D0F01FB01 CLNP: Source address : CLNP: Length = 20 CLNP: Format = 39 (ISO DCC Binary) CLNP: Address = 390000800000000000000010100060B0B6EA0A01 CLNP: Data unit identifier = 9B6E CLNP: Segment offset = 0 CLNP: Total length = 65 CLNP: PDU priority is 0 CLNP: ISO_TP: ----- ISO Transport Layer ----- ISO_TP: ISO_TP: Header length = 4 ISO_TP: TPDU type = 6 (Ack) ISO_TP: Destination reference = F603 ISO_TP: Next expected sequence number = 123 ISO_TP: Credit value = 0 ISO_TP: ADDR HEX ASCII 0000: 00 60 b0 b6 ea 0a 00 60 1d 0f 02 25 00 7e fe fe | .`.¶ê..`...%.~.. 0010: 03 81 3a 01 32 01 00 7b 00 00 14 39 00 00 80 00 | .:.2..{...9.... 0020: 00 00 00 00 00 00 10 10 00 60 b0 b6 ea 0a 01 14 | .........`.¶ê... 0030: 39 00 00 80 00 00 00 00 00 00 00 10 00 00 60 1d | 9.............`. 0040: 0f 02 25 00 cd 01 00 c1 02 81 00 81 3c 01 32 bc | ..%.Í.....<.2¼ 0050: 00 41 00 00 14 39 00 00 80 00 00 00 00 00 00 00 | .A...9.......... 0060: 10 10 00 60 1d 0f 01 fb 01 14 39 00 00 80 00 00 | ...`...û..9..... 0070: 00 00 00 00 00 10 10 00 60 b0 b6 ea 0a 01 9b 6e | ........`.¶ê..n 0080: 00 00 00 41 cd 01 00 04 62 f6 03 7b | ...AÍ...bö.{
- Follow-Ups:
- Re: [Ethereal-dev] IS-IS CLNP decoding of ethereal vs sniffer
- From: Guy Harris
- Re: [Ethereal-dev] IS-IS CLNP decoding of ethereal vs sniffer
- Prev by Date: Re: [Ethereal-dev] GPRS tunnelling protocol(GTP)
- Next by Date: R: R: [tcpdump-workers] Re: R: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
- Previous by thread: [Ethereal-dev] Re: SNIA-CIFSSPEC: Date formats returned by Windows NT 4.0 in SMBgetatr request
- Next by thread: Re: [Ethereal-dev] IS-IS CLNP decoding of ethereal vs sniffer
- Index(es):