Wireshark-users: [Wireshark-users] a question about "Raw packet data", message: No links data ava
Hello!
Can you please help me to find out...?
I have downloaded RawPacketIPv6Tunnel-UK6x.cap from
http://wiki.wireshark.org/SampleCaptures page.
Below you can see the desription from that site:
RawPacketIPv6Tunnel-UK6x.cap (libpcap) - Some IPv6 packets captured
from the 'sit1' interface on Linux. The IPv6 packets are carried over
the UK's UK6x network, but what makes this special, is the fact that
it has a Link-Layer type of "Raw packet data" - which is something
that you don't see everyday.
If you try to open this file you can see description, for example, for
first packet:
Frame 1
Raw Packet Data
If you expand "Raw Packet Data" you can see the message:
"No link information available"
What should it be here? What would wireshark like to see here? Or in
another words what can be here instead of "No link information
available"?
The above mention packet keep 12( WTAP_ENCAP_RAW_IP) value for data
link type. What does mean "RAW IP"? As far as understand it means that
packet will be parsed begining at IP and it packet should not have any
data link layers, Ethernet and etc, but if I am rigth in this case
what does raw packet data mean? Really, I am confused :-)
The WTAP_ENCAP_RAW_IP was taken from
http://anonsvn.wireshark.org/wireshark/trunk/wiretap/libpcap.c
For more details see here
http://wiki.wireshark.org/Development/LibpcapFileFormat
Thanks in advance.