Ethereal-users: [Ethereal-users] IGMP v1 or v2?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Nicoson Dave <dave.nicoson@xxxxxxxxxxx>
Date: Wed, 23 Jul 2003 13:50:53 -0500
With older versions of ethereal (specifically 08.13C) and windump, the
attached packet is decoded as IGMP V1.  This would seem to be correct, as
the type field=0x12.

C:\Program Files\Ethereal>windump -n -r igmp2.enc
18:29:43.099375 IP 172.17.40.34 > 239.0.0.0: igmp v1 report 239.0.0.0

But with ethereal 0.9.13a, it's decoded as igmp V2:
C:\Program Files\Ethereal>tethereal -V -r igmp2.enc

Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Jul 21, 2003 18:29:43.099375000
    Time delta from previous packet: 0.000000000 seconds
    Time relative to first packet: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II, Src: 00:10:95:7a:00:60, Dst: 01:00:5e:00:00:00
    Destination: 01:00:5e:00:00:00 (01:00:5e:00:00:00)
    Source: 00:10:95:7a:00:60 (ThomsonM_7a:00:60)
    Type: IP (0x0800)
    Trailer: 000176697065722E7678576F726B732E...
Internet Protocol, Src Addr: 172.17.40.34 (172.17.40.34), Dst Addr:
239.0.0.0 (239.0.0.0)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 28
    Identification: 0x1a73 (6771)
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 1
    Protocol: IGMP (0x02)
    Header checksum: 0xdc39 (correct)
    Source: 172.17.40.34 (172.17.40.34)
    Destination: 239.0.0.0 (239.0.0.0)
Internet Group Management Protocol
    IGMP Version: 2
    Type: Membership Report (0x12)    <-------- 
    Max Response Time: 0.0 sec (0x00)
    Header checksum: 0xfefe (correct)
    Multicast Address: 239.0.0.0 (239.0.0.0)


Is there a reason this should be interpreted as IGMPv2 that I'm missing?

http://www.ietf.org/rfc/rfc2236.txt

There are three types of IGMP messages of concern to the host-
   router interaction:

   0x11 = Membership Query
        There are two sub-types of Membership Query messages:
        - General Query, used to learn which groups have members on an
          attached network.
        - Group-Specific Query, used to learn if a particular group
          has any members on an attached network.

        These two messages are differentiated by the Group Address, as
        described in section 1.4 .  Membership Query messages are
        referred to simply as "Query" messages.

   0x16 = Version 2 Membership Report

   0x17 = Leave Group

   There is an additional type of message, for backwards-compatibility
   with IGMPv1:

   0x12 = Version 1 Membership Report




David Nicoson
Software Test Systems
Thomson 
(317) 587-4779 

Attachment: igmp2.enc
Description: Binary data
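
The following is an added example, not part of the original message and not Ethereal's or windump's code: a minimal Python classifier for 8-byte IGMPv1/v2 messages that follows the RFC 2236 type table quoted above and verifies the IGMP checksum. The function names are hypothetical, and the sample bytes are constructed from the IGMP field values shown in the tethereal decode (type 0x12, max response time 0x00, checksum 0xfefe, group 239.0.0.0), not taken from the attachment.

```python
import struct
import ipaddress

# Type codes listed in the RFC 2236 excerpt quoted in the message.
MEMBERSHIP_QUERY = 0x11
V1_REPORT = 0x12
V2_REPORT = 0x16
LEAVE_GROUP = 0x17

# Constructed sample: the 8 IGMP bytes rebuilt from the decoded fields above.
SAMPLE = bytes.fromhex("1200fefeef000000")


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify_igmp(payload: bytes) -> dict:
    """Classify an 8-byte IGMPv1/v2 message (IP payload only, no Ethernet padding)."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    msg_type, max_resp, _cksum, group = struct.unpack("!BBH4s", payload[:8])
    if msg_type == V1_REPORT:
        version, name = 1, "Version 1 Membership Report"
    elif msg_type == V2_REPORT:
        version, name = 2, "Version 2 Membership Report"
    elif msg_type == LEAVE_GROUP:
        version, name = 2, "Leave Group"
    elif msg_type == MEMBERSHIP_QUERY:
        # RFC 2236: IGMPv1 routers send queries with Max Response Time set to 0.
        version, name = (1 if max_resp == 0 else 2), "Membership Query"
    else:
        version, name = None, "unknown"
    return {
        "type": msg_type, "version": version, "name": name,
        "group": str(ipaddress.IPv4Address(group)),
        # Summing the message with its checksum field included yields 0 when valid.
        "checksum_ok": inet_checksum(payload[:8]) == 0,
    }


if __name__ == "__main__":
    print(classify_igmp(SAMPLE))
```

The caller must pass only the IP payload (Total Length minus header length, 8 bytes here), since the 60-byte frame in the decode also carries an Ethernet trailer.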