Wireshark-bugs: [Wireshark-bugs] [Bug 11424] Vssmonitoring Timestamp

Date: Thu, 06 Aug 2015 15:38:23 +0000

Comment # 7 on bug 11424 from
VSS Monitoring trailer detection is purely heuristic based.
In Wiresahrk 1.12.X versions, the “use heuristics to identify if trailer
contains VSS-monitoring data” parameter just deactivates the timestamps checks
I was talking about in comment #1. But they do not enter into account for port
stamping, only for time stamping. That's why toggling the option does not
change anything.
In Wireshark 1.99.x developments versions, this has been changed to cover the
whole dissector.
Interestingly in the capture you posted in comment #6, we can see that all
packets are padded with 00 until reaching 64 bytes (which are my 72 bytes minus
the 8 bytes usually used for VSS monitoring timestamps).

So we are exactly in the same use case as my analysis done in comment#1.
Something is adding padding between the end of the packets and the VSS
monitoring trailer when the ETH + 802.1Q + IP packets are < 64 bytes.


You are receiving this mail because:
  • You are watching all bug changes.