Sorry, I noticed how hard it was to read because it was in HTML. Resending it in plain-text...
Richard Berry
LAN Engineer - Principal
"Si hoc legere scis numium eruditionis habes."
-----Original Message-----
From: Berry, Richard
Sent: Friday, September 13, 2002 11:40 AM
To: 'ethereal-users@xxxxxxxxxxxx'
Subject: Mis-decoded packet?
Hello:
I have another interesting one:
While sniffing multicast traffic, some of my packets are (erroneously) decoded as SNMP. Others are (erroneously) decoded as NBNS. As a result, the info comes up for the SNMP packet:
Error: Couldn't parse message header: Wrong type for that item.
The NBNS packet info is:
Unknown operation (2) unknown Illegal NetBIOS name (character not between A and Z in first-level encoding)[Malformed Packet]
When I look at the same packets in Sniffer Basic, they both decode as HSRP: Hello State=Active.
Here's the hex dump of one of the packets:
ADDR HEX ASCII
0000: 01 00 5e 00 00 02 00 00 0c 07 ac 01 08 00 45 c0 | ..^.......¬...EÀ
0010: 00 30 5e a3 00 00 01 11 34 d3 a1 82 a4 02 e0 00 | .0^£....4Ó¡'¤.à.
0020: 00 02 00 a1 07 c1 00 1c 29 80 00 00 10 03 0a ff | ...¡.Á..)EUR.....ÿ
0030: 01 00 63 69 73 63 6f 00 00 00 a1 82 a4 fa 3c 10 | ..cisco...¡'¤ú<.
0040: 32 e3 | 2ã
Is this a decode issue for Ethereal?
Thanks in advance.
Richard Berry
LAN Engineer - Principal
"Si hoc legere scis numium eruditionis habes."