On Thu, Sep 15, 2005 at 11:49:11AM +0100, Baldwin, Nick wrote:
...
> In the trace the Opcode is 3
...
> Serching the Web found the following
> http://www.atm.tut.fi/list-archive/cisco-nsp/msg08882.html
> So this has been going on for some time
>
> Could the "Malformed Packet" be replaced by "Undocumented Opcode"
...
> Cisco Hot Standby Router Protocol
> Version: 0
> Op Code: Unknown (3)
> State: Initial (0)
> Hellotime: Non-Default (1)
> Holdtime: Non-Default (0)
> Priority: 14
> Group: 2
> Reserved: 0
> Authentication Data: Non-Default ()
> [Malformed Packet: HSRP]
>
> 0000 01 00 5e 00 00 02 00 12 7f ba 1f 02 81 00 00 0c ..^.............
> 0010 08 00 45 c0 00 2c 00 00 00 00 01 11 23 e7 0a 1c ..E..,......#...
> 0020 aa fc e0 00 00 02 07 c1 07 c1 00 18 59 0e 00 03 ............Y...
> 0030 00 01 00 0e 02 00 00 00 00 01 00 00 00 00 00 00 ................
No, it can't. Beause we already print "Unknown". The malformed packet is
(correctly) printed because the packet looks differently from what we expect
it to look like: It's 64 bytes in length.
14 Ethernet
4 802.1Q
20 IP
8 UDP
20 HSRP
Sum: 66 but the dissector has access to only 64 bytes.
So it looks like the opcode 3 packets look differently from the 0-2 opcode
packets. We need to know how an opcode 3 packet looks like.
Ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
