Ethereal-users: [Ethereal-users] Mis-decoded packet?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Berry, Richard" <BerryR@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 13 Sep 2002 11:39:34 -0500
Hello:
 
I have another interesting one:
 
While sniffing multicast traffic, some of my packets are (erroneously) decoded as SNMP. Others are (erroneously) decoded as NBNS. As a result, the info comes up for the SNMP packet:
 
Error: Couldn't parse message header: Wrong type for that item.
 
The NBNS packet info is:
 
Unknown operation (2) unknown Illegal NetBIOS name (character not between A and Z in first-level encoding)[Malformed Packet]
 
When I look at the same packets in Sniffer Basic, they both decode as HSRP: Hello State=Active.
 
Here's the hex dump of one of the packets:
 
ADDR  HEX                                               ASCII
0000: 01 00 5e 00 00 02 00 00 0c 07 ac 01 08 00 45 c0 | ..^.......¬...EÀ
0010: 00 30 5e a3 00 00 01 11 34 d3 a1 82 a4 02 e0 00 | .0^£....4Ó¡‚¤.à.
0020: 00 02 00 a1 07 c1 00 1c 29 80 00 00 10 03 0a ff | ...¡.Á..)€.....ÿ
0030: 01 00 63 69 73 63 6f 00 00 00 a1 82 a4 fa 3c 10 | ..cisco...¡‚¤ú<.
0040: 32 e3                                           | 2ã
 
Is this a decode issue for Ethereal?
 
Thanks in advance.

Richard Berry
LAN Engineer - Principal
"Si hoc legere scis numium eruditionis habes."