If you notice the PPPoE length on most outbound packets is wrong.
It may be calculated after being passed to the capture mechanism --
have you had an opportunuty to see what actually goes through the
wire?
In the case of packet 11 the payload length is 0x520 - 0x16 = 1290
and the IP header states it should be 1292.
If you capture the PPP negotiation, What's the negotiated MTU ?
I think that's a bug in the kernel (probably in the capture part) but
unless we see what goes through the wire we cannot be sure about
exactly what is wrong.
BTW I found another bug in packet 14 of kscd_ppp0.pcap, the HTTP
payload is not decoded!
On 7/20/07, Toralf Förster <toralf.foerster@xxxxxx> wrote:
I use at home an DSL connection. The sniffed network stream over the ppp0 interface looks fine whereas the sniffed packets from the eth0 often looks bad :-(
As an example I attached 2 pcap files with the communication of the KDE program kscd with the CDDB server freedb.org, sniffed from ppp0 and eth0.
I don't undestand why the ppp0 stream is ok, whereas the eth0 stream has the malformed package #11. Any explanation are appreciated.
--
MfG/Sincerely
Toralf Förster
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
