Eric Renkoff wrote:
> Here is a small capture file with an example packet in it.

The GRE encapsulation type for the packet is 0x07fe; according to RFC
2784 - Generic Routing Encapsulation (GRE) ("Enron Communications"?
Wow, a blast from the past...):

    The Protocol Type field contains the protocol type of the payload
    packet. These Protocol Types are defined in [RFC1700] as "ETHER
    TYPES" and in [ETYPES]. An implementation receiving a packet
    containing a Protocol Type which is not listed in [RFC1700] or
    [ETYPES] SHOULD discard the packet.

http://standards.ieee.org/regauth/ethertype/eth.txt doesn't list 0x07fe
as an Ethernet type, and neither do
http://www.wildpackets.com/support/compendium/reference/ethertypes
nor
http://www.cavebear.com/archive/cavebear/Ethernet/type.html
So the way to get Wireshark to decode those packets is to find out what
an Ethernet type of 0x07fe means (or to find out that whoever's
transmitting those packets isn't using an Ethernet type, and find out
what 0x07fe means in that case), and let us know so we can add that as a
type to understand. (It's not IPv4 or IPv6 - the payload doesn't begin
with 0x4x or 0x6x - so it's probably not FTP, unless it's FTP over
something other than TCP, or it's FTP over TCP over something other than
IPv4 or IPv6.)
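
The check described in the message above, as an added example that is not part of the original post and not Wireshark's code: it parses a version-0 GRE header (RFC 2784, with the RFC 2890 key and sequence extensions), looks up the Protocol Type, and falls back to the first-nibble test for IPv4/IPv6. The EtherType table is a small illustrative subset, and the sample packets are constructed, not bytes from the capture being discussed.

```python
import struct

# Small subset of registered EtherTypes, for illustration only.
KNOWN_ETHERTYPES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x6558: "Transparent Ethernet Bridging",
    0x86DD: "IPv6",
}

def parse_gre(buf: bytes) -> dict:
    """Parse an RFC 2784 / RFC 2890 GRE header (version 0) from buf."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto = struct.unpack("!HH", buf[:4])
    if flags_ver & 0x0007:
        raise ValueError("not GRE version 0")
    offset = 4
    fields = {"protocol_type": proto}
    # Optional words appear in this order: checksum+reserved1, key, sequence.
    for name, bit in (("checksum", 0x8000), ("key", 0x2000), ("sequence", 0x1000)):
        if flags_ver & bit:
            if len(buf) < offset + 4:
                raise ValueError(f"truncated GRE {name} field")
            word = struct.unpack("!I", buf[offset:offset + 4])[0]
            fields[name] = word >> 16 if name == "checksum" else word
            offset += 4
    fields["payload"] = buf[offset:]
    return fields

def classify(buf: bytes) -> str:
    """Return how a dissector could treat the GRE payload."""
    gre = parse_gre(buf)
    proto, payload = gre["protocol_type"], gre["payload"]
    if proto in KNOWN_ETHERTYPES:
        return KNOWN_ETHERTYPES[proto]
    # Same heuristic as the message: the IP version is the first nibble.
    nibble = payload[0] >> 4 if payload else None
    guess = {4: "looks like IPv4", 6: "looks like IPv6"}.get(nibble, "payload is not IPv4/IPv6")
    return f"unknown type 0x{proto:04x}; {guess}"

# Constructed samples (not bytes from the capture discussed above).
UNKNOWN = bytes.fromhex("000007fe") + bytes.fromhex("a1b2c3d4")
KEYED_V4 = bytes.fromhex("20000800" "0000002a") + bytes.fromhex("45000014")

if __name__ == "__main__":
    for sample in (UNKNOWN, KEYED_V4):
        print(classify(sample))
```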