Ethereal-users: [Ethereal-users] Unreassembled packet with 0.9.3, but not with 0.9.0
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Peter O'Neill <Peter.ONeill@xxxxxx>
Date: Mon, 13 May 2002 13:32:13 +0100
A single packet (from 250 captured)
0000 00 10 4b b7 4e 0b 00 c0 1b 04 36 9e 08 00 45 00 ..K.N.....6...E.
0010 00 2c 7e 00 40 00 80 06 38 e1 89 2b 1a 46 89 2b .,~.@...8..+.F.+
0020 17 4e 04 07 03 e7 00 01 7a c9 9b cd 9c c1 50 18 .N......z.....P.
0030 7e ea 2e ac 00 00 03 00 00 00 ~.........
is decoded differently (and it seems incorrectly) by 0.9.3 instead of 0.9.0
The packets were captured by Epiphan Consulting CENiffer on Compaq iPAQ
3630, during synchronisation. Ethereal was running on the desktop PC at the
same time, and the corresponding decoded packet at that end is similarly
incorrectly shown as unreassembled by 0.9.3 but as [PSH, ACK] by 0.9.0
CENiffer itself decodes this packet as <PUSH><ACK>, and this decoding seems
correct in context. The reason for the capture is debugging synchronisation
by Ethernet connection which works when connected locally to the network
with the desktop PC, but fails when attempted remotely via a home network
(this information added in case anyone reading this has already examined
this and has advice!)
--------------------------------------------------------------
By 0.9.3:
241 2002-05-13 10:41:59.0000 ipaqponeill.ucd.ie PONEILL-MECHENG
TPKT [Unreassembled Packet]
Frame 241 (58 on wire, 58 captured)
Arrival Time: May 13, 2002 10:41:59.000000000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 31.000000000 seconds
Frame Number: 241
Packet Length: 58 bytes
Capture Length: 58 bytes
Ethernet II
Destination: 00:10:4b:b7:4e:0b (PONEILL-MECHENG)
Source: 00:c0:1b:04:36:9e (ipaqponeill.ucd.ie)
Type: IP (0x0800)
Internet Protocol, Src Addr: ipaqponeill.ucd.ie (137.43.26.70), Dst Addr:
PONEILL-MECHENG (137.43.23.78)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x7e00
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x38e1 (correct)
Source: ipaqponeill.ucd.ie (137.43.26.70)
Destination: PONEILL-MECHENG (137.43.23.78)
Transmission Control Protocol, Src Port: 1031 (1031), Dst Port: 999 (999),
Seq: 96969, Ack: 2613943489
Source port: 1031 (1031)
Destination port: 999 (999)
Sequence number: 96969
Next sequence number: 96973
Acknowledgement number: 2613943489
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 32490
Checksum: 0x2eac (correct)
TPKT
Version: 3
Reserved: 0
Length: 0
[Unreassembled Packet: Q.931]
--------------------------------------------------------------
By 0.9.0:
241 2002-05-13 10:41:59.0000 ipaqponeill.ucd.ie PONEILL-MECHENG
TCP 1031 > 999 [PSH, ACK] Seq=96969 Ack=261
Frame 241 (58 on wire, 58 captured)
Arrival Time: May 13, 2002 10:41:59.000000000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 31.000000000 seconds
Frame Number: 241
Packet Length: 58 bytes
Capture Length: 58 bytes
Ethernet II
Destination: 00:10:4b:b7:4e:0b (PONEILL-MECHENG)
Source: 00:c0:1b:04:36:9e (ipaqponeill.ucd.ie)
Type: IP (0x0800)
Internet Protocol, Src Addr: ipaqponeill.ucd.ie (137.43.26.70), Dst Addr:
PONEILL-MECHENG (137.43.23.78)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x7e00
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x38e1 (correct)
Source: ipaqponeill.ucd.ie (137.43.26.70)
Destination: PONEILL-MECHENG (137.43.23.78)
Transmission Control Protocol, Src Port: 1031 (1031), Dst Port: 999 (999),
Seq: 96969, Ack: 2613943489
Source port: 1031 (1031)
Destination port: 999 (999)
Sequence number: 96969
Next sequence number: 96973
Acknowledgement number: 2613943489
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 32490
Checksum: 0x2eac (correct)
Data (4 bytes)
0000 03 00 00 00 ....
--
Peter O'Neill, Mech. Eng. Dept., UCD, Belfield, Dublin 4, Ireland
Phone: +353(1)716 1889
Fax: +353(1)283 0534
Mobile: +353(87)684 8448
E-mail: Peter.ONeill@xxxxxx
(Alternatives in case of failure with main UCD mail servers:
oneillpetert@xxxxxxxxxx,
oneillpetert@xxxxxxxxxxx)
WWW: http://poneill.ucd.ie/
- Follow-Ups:
- Prev by Date: [Ethereal-users] test
- Next by Date: [Ethereal-users] VoIP sniffing
- Previous by thread: [Ethereal-users] looked at your webpages - http://www.ethereal.com/faq.html
- Next by thread: Re: [Ethereal-users] Unreassembled packet with 0.9.3, but not with 0.9.0
- Index(es):
