Ethereal-users: [Ethereal-users] Ethereal PIM-Decode on WinNT 4.0 machine
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Heilmaier, Alois" <Alois.Heilmaier@xxxxxx>
Date: Fri, 27 Dec 2002 15:50:51 +0100
Hi,
I use Ethereal Version 0.9.8 (same problem in 0.9.6)
I Captured the packets with another tool in Sniffer (.enc) format some PIM
packets.
When try to decode a PIM JOIN/PRUNE message I will get only one multicast
group entry but there should be 2 multicast-groups.
If you look at the decode you will see thath there is only the first group
address seen.
The second group addresse (224.0.1.40 == e0 00 01 28 hex) does not appear in
the decode but in the hex code I see the rest of
the PIM packet.
Has anybody watched the same problem ?
Any further suggestions ?
Regards
Alois
Frame 887 (104 bytes on wire, 104 bytes captured)
Arrival Time: Dec 12, 2010 10:49:56.963999000
Time delta from previous packet: 0.001004000 seconds
Time relative to first packet: 68.474010000 seconds
Frame Number: 887
Packet Length: 104 bytes
Capture Length: 104 bytes
Ethernet II, Src: 00:0a:8a:19:e4:90, Dst: 01:00:5e:00:00:0d
Destination: 01:00:5e:00:00:0d (01:00:5e:00:00:0d)
Source: 00:0a:8a:19:e4:90 (Cisco_19:e4:90)
Type: IP (0x0800)
Internet Protocol, Src Addr: 2.205.250.10 (2.205.250.10), Dst Addr:
224.0.0.13 (224.0.0.13)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN:
0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6
(0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 90
Identification: 0x8d75
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 1
Protocol: PIM (0x67)
Header checksum: 0x4e23 (correct)
Source: 2.205.250.10 (2.205.250.10)
Destination: 224.0.0.13 (224.0.0.13)
Protocol Independent Multicast
Version: 2
Type: Join/Prune (3)
Checksum: 0x0408 (correct)
PIM parameters
Upstream-neighbor: 2.205.250.2
Groups: 2
Holdtime: 210
Group 0: 224.0.1.39/32
Join: 1
IP address: 2.205.254.2/32 (SWR)
Prune: 0
0000 01 00 5e 00 00 0d 00 0a 8a 19 e4 90 08 00 45 c0 ..^...........E.
0010 00 5a 8d 75 00 00 01 67 4e 23 02 cd fa 0a e0 00 .Z.u...gN#......
0020 00 0d 23 00 04 08 01 00 02 cd fa 02 00 02 00 d2 ..#.............
0030 01 00 00 20 e0 00 01 27 00 01 00 00 01 00 07 20 ... ...'.......
0040 02 cd fe 02 01 00 00 20 e0 00 01 28 00 01 00 02 ....... ...(....
0050 01 00 07 20 02 cd fe 02 01 00 04 20 02 cd fa 02 ... ....... ....
0060 01 00 04 20 02 cd fa 01 ... ....
OE 531TQS
IZB Informatik-Zentrum
München-Frankfurt a.M. GmbH & Co.KG
Karolinenplatz 1
80333 München
www.izb.net
Tel: 089/2171-21391
Fax: +49-89-590681336
ahei@xxxxxx
---------------------------------------------------------------
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.
---------------------------------------------------------------
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.
---------------------------------------------------------------
- Prev by Date: Re: [Ethereal-users] SMB parser source code in "Ethereal"
- Next by Date: Re: [Ethereal-users] Ethereal PIM-Decode on WinNT 4.0 machine
- Previous by thread: Re: [Ethereal-users] Are there any tools which can analyze the packets captured by Ethereal?
- Next by thread: Re: [Ethereal-users] Ethereal PIM-Decode on WinNT 4.0 machine
- Index(es):