----- Original Message -----
From: "J. Smith"
Sent: Saturday, November 30, 2002 2:34 AM
Subject: [Ethereal-dev] aix fddi captures and TCP Stream Analysis
> Hi.
>
>
> A while back, I reported some problems with the reading of AIX433
> iptrace/tcpdump format tracefiles when capturing on an fddi interface, and
> these problems were quickly solved for which my many thanks :)
>
> But right now I appear to be having another problem with AIX fddi
tracefiles
> when I try to use the TCP Stream Analysis features of Ethereal. When I
load
> an aix433 tcpdump or iptrace fddi capture in the latest release (snapshot
> ethereal-2002-11-29 on Linux), and select a TCP packet, I get the error
> message "Selected packet is not a TCP segment", even though Im really sure
> that it *is* a valid TCP segment. ;) The GUI reports the packet types
> correctly as 'TCP' though, so I guess the problem lies within the TCP
Stream
> Analysis code. Since my AIX433 *ethernet* style captures work correctly
and
> do not seem to have this problem, might this problem somehow be related to
> the previous problem I had with AIX fddi captures ?
The TCP stream analysis code does its parsing of link layer and network
layer itself
and can only handle ethernet as the link layer.
It may be possible to recode the part of TCP stream analysis that extracts
the TCP header to
use a TAP instead and thus make it link layer agnostic.
This has been discussed on the list and may be implemented if someone finds
enough time to both
study the code and implement such changes.
I might have time to look at it in a few weeks but can not promise anything.
Maybe someone else
already looks at it?