Comment # 7
on bug 10282
from Guy Harris
(In reply to Rémi vichery from comment #5)
> These pcap files are taken from real traffic between two Virtual Machine
> running on two Openstack hypervisors. Hypervisors are using STT as an
> overlay protocol (like VXLAN, GRE or NVGRE) to encapsulate tenant traffic.
>
> (In reply to comment #3)
> > I'm guessing that these pcap files are hand-made since some of the outer TCP
> > info seems somewhat bogus.
Meaning that the "outer TCP info" isn't TCP info, it's STT info. STT is a
protocol that has headers that look exactly like TCP headers *except* that the
sequence and acknowledgment numbers are repurposed, and that uses the same IP
protocol number as, but isn't TCP.
It has a heuristic dissector, running atop the IP dissector, which checks for
the TCP protocol number and for the purported TCP destination port number being
7471; in order for that dissector to see the packets, the IPv4 preference to
try heuristic dissectors first has to be set.
You are receiving this mail because:
- You are watching all bug changes.