Wireshark-bugs: [Wireshark-bugs] [Bug 11628] Mac-In-Mac aka 802.1ah aka SPBm wrong Frame on the
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 25 Oct 2015 06:48:39 +0000

changed bug 11628


What Removed Added
Status UNCONFIRMED RESOLVED
CC   jyoung@gsu.edu
Resolution --- NOTABUG

Comment # 2 on bug 11628 from 
Hello Mark,

It appears that your SPBm Capture trace is simply missing many (most?) of the
FTP-DATA packets.   Within this trace the packets of length 1252 that you cite
as too small in fact carry a TCP payload of 1176 bytes of data which correlates
with similar packets in your other trace.

Your Capture of FTP data in mirror port trace has numerous packets of length
1230 that also carry a TCP payload of 1176 bytes of data.  You can more easily
spot these in the mirror trace by entering a display filter such as: tcp &&
!frame.len==1514

With the full length packets out of the way, you should be able to better see
the many tcp packets with smaller payloads.  If you doubt these smaller packets
correlate look more closely at these smaller TCP packets in both traces and you
will see the TCP PSH bit is set whereas in most of the full length TCP packets
(the ones with TCP payload length of 1460 bytes) the TCP PSH bit is not set.

If I recall correctly Avaya will set up (at least) two paths across their SPB
fabric for the packets to flow.  I suspect you simply have multiple paths
between your two endpoints and you only captured packets that happened to
traverse one.  I don't have enough first hand experience with Avaya's SPB to
know why some packets in a flow might favor one path over another.

It would be interesting to know how (and from where in your network) you
created the SPBm trace but regarding your original issue, Wireshark is very
likely not at fault here.  If you believe otherwise feel free to re-open this
bug.

NOTE: Wireshark reported the Expert Info message "Error/Malformed: Packet
length 165 went beyond packet" for two ISIS Hello packets within the SPBm
Capture trace.  I believe is a false positive.  I have extracted those two
packets into a separate trace file (using a display filter of "isis") and will
attach same to a new bug report.

You are receiving this mail because:
  • You are watching all bug changes.