Ethereal-dev: Re: [Ethereal-dev] DOCSIS 1.1 Sample Captures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Anand V. Narwani" <anarwani@xxxxxxxxx>
Date: Sat, 13 Jul 2002 20:01:37 -0400
Hey Guy,
Please see inline:

On Sat, Jul 13, 2002 at 01:43:28AM -0700, Guy Harris wrote:
> The frames in "concatenated.enc" look reasonable at the Ethernet and IP
> layers...
>
> ...but not at the TCP layers; the TCP headers look, well, *weird*, with
> port numbers of 2 and 0, and the like.
>
> However, the TCP checksum is claimed to be correct.
>
> Any idea what's going on there?

Those frames were generated using an IXIA behind the Cable Modem, so we picked a few random values for some of the fields. It was the only way we could force the Cable Modem to concatenate the frames.

> "phone_call_DSA_tellabs.enc" is a bit odd as well - a bunch of frames
> have weird Ethernet types such as 0xd73b, but the payload looks as if it
> might be SGCP.

Ooops... My apologies... The cable monitor command in IOS has two variations when it comes to monitoring data frames: with or without the DOCSIS header. MAC frames, for obvious reasons, must have the DOCSIS headers on them. This trace was taken with the Cable Monitor set up to copy the data frames without the DOCSIS header. If you were to turn off the "Treat all Frames as DOCSIS Frames" preference, those frames would be dissected properly.


--
Anand V. Narwani,  CCIE 3892
Advanced Engineering Services
Cisco Systems, Inc.
Direct/Fax: 919.392.3404
Email: anarwani@xxxxxxxxx

"Meddle not in the affairs of dragons, for you are crunchy and taste good with ketchup"