Wireshark · Ethereal-dev: Re: [Ethereal-dev] Wrong decoding of tektronix K15 Gb file

Ethereal-dev: Re: [Ethereal-dev] Wrong decoding of tektronix K15 Gb file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 23 Aug 2005 01:23:56 +0200

Hi,

    I Checked in a fix (15513) and now we can see 255 packets in the
file (please note that I discard start and stop capture events that
the K12 might be very well counting as frames, I might put them there
in the next future).

Before this I haven't ever seen any file with record types !=
0x00010020, the missing ones where 0x00010024, what I do now is to
mask the type.

BTW. I made case-insensitive the stack filename as well.

Luis.

On 8/11/05, Yann Samama <ysamama@xxxxxxxxxx> wrote:
> Hi Luis,
> 
> Please find enclosed the k15 text output (zipped).
> 
> Cheers,
> 
> Yann.
> 
> -----Original Message-----
> From: LEGO [mailto:luis.ontanon@xxxxxxxxx]
> Sent: jeudi 11 août 2005 01:20
> To: Ethereal development; Samama, Yann [CTF:460T:EXCH]
> Subject: Re: [Ethereal-dev] Wrong decoding of tektronix K15 Gb file
> 
> 
> Hi,
> 
> On 8/10/05, Yann Samama <ysamama@xxxxxxxxxx> wrote:
> > 1/ The numbers of packets and the packets themselves seen by Ethereal
> > and the K15 viewer are different.  => K15 viewer sees 257 packets
> > (from 7 to 263, see enclosed file k15.jpg).
> >  => Ethereal sees 147 packets (from 1 to 147, see enclosed file
> > ethereal.jpg).
> 
> Could you send in the k15's text output for the capture file you attached. Please make sure to to set the display of the packet's hex data.
> 
> > 2/ The statistics for GSM/A-Interface DTAP/GPRS Session Management
> > wrongly displays 0 for all counters from time to time.
> I think that should be a problem of the tap not related to the file format.
> 
> > 3/ The start timestamp read by Ethereal differs from the one read by
> > the K15 viewer.  => K15 : 03/08/2005 22:50:20,907,373
> >  => Ethereal : 04/08/2005 00:50:20,907,373
> >  => So there is a 2 hours shift ; since those traces were taken in a
> > country which time is GMT+2, I would suggest that there is some field
> > holding the shift value wrongly taken into account?
> 
> I'I don't  even know if there is timezone data in a file. I thought it always was GMT as in some captures I got.
> 
> I'd need a set of very similar captures (same scenario, sources, stacks, etc.) taken using different timezone configurations to be able to dig into this.
> 
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> 
> 
> 
> 


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

References:
- RE: [Ethereal-dev] Wrong decoding of tektronix K15 Gb file
  - From: Yann Samama

Prev by Date: [Ethereal-dev] Buildbot crashing on uui-malformed-packet.pcap
Next by Date: RE: [Ethereal-dev] one question about UMTS RANAP decoder
Previous by thread: RE: [Ethereal-dev] Wrong decoding of tektronix K15 Gb file
Next by thread: [Ethereal-dev] FW: hp-ux 11.11 eth 10.x and Gdk-CRITICAL libpixbufloader-xpm.sl: unknown dl-error
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$