Never had a problem sniffing on ethernet networks before, but now I need to
do some sniffing on token ring. Here's my setup:
IBM ThinkPad 770X with IBM Turbo 16/4 Token-Ring PC Card
Red Hat Linux 7.1 with upgraded libpcap RPM from RH7.2
Ethereal 0.8.18 and 0.9.0 installed from source (tried it with both, both
fail)
When I start the network trace, ethereal (libpcap?) barfs the following to
stdout:
WARNING: unsupported device type 0x320, assuming raw
WARNING: unsupported device type 0x320, assuming raw
Kernel filter, protocol ALL, TURBO mode (63 frames), raw packet socket
Sniffing then starts fine (I see packets of various lengths and
everything), so that would lead me to believe that the device IS supported.
However, IP analysis begins at position 0x00 instead of at position 0x1e.
Because of this, ethereal is unable to dissect any packets.
Any suggestions? Is this an ethereal bug or possibly a libpcap bug?
Regards, Wouter.
---------------------------------------------------------------
Wouter Liefting
Curriculum Owner Linux
IBM Learning Services
Tel. +31 (0)20 513 5057 (IBM)
Tel. +31 (0)252 625 202 (Home office)
Fax. +31 (0)20 513 2322
Internet: liefting@xxxxxxxxxx