If you send a packet protocol BJNP (which sends CUPS), then wireshrk displays
it incorrectly. When sending multiple identical packets, displaying changes.
To reproduce this situation, you can use the following code:
#include <pcap.h>
int send_packet(unsigned char *data, int len)
{
char *dev = "eth2";
char *errbuf;
pcap_t *open_live = pcap_open_live(dev, 65535, 1, 1000, errbuf);
pcap_sendpacket(open_live, data, len);
return 0;
}
int main(int argc, char *argv[])
{
unsigned char bjnp_bad[] =
"\xff\xff\xff\xff\xff\xff\x0a\x00\x27\x00\x00\x00\x08\x00\x45\x00"
"\x00\x2c\x00\x00\x40\x00\x40\x11\x48\x70\xc0\xa8\x38\x01\xc0\xa8"
"\x38\xff\x8b\x5a\x21\xa3\x00\x18\xce\xd2\x42\x4a\x4e\x50\x01\x01"
"\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00";
send_packet(bjnp_bad, sizeof(bjnp_bad));
return 0;
}
Wireshrk displays them in a way (all packets identical):
http://img94.imageshack.us/img94/4608/wireshrk.png
Sorry for my bad english.
Version 1.2.1
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.12, with GLib 2.16.6, with libpcap 1.0.0, with libz
1.2.3, with POSIX capabilities (Linux), with libpcre 7.7, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.6.2, with Gcrypt 1.4.0, without
Kerberos, with GeoIP, without PortAudio, without AirPcap.
Running on Linux 2.6.29.5-smp, with libpcap version 1.0.0, GnuTLS 2.8.4, Gcrypt
1.4.4.
Built using gcc 4.2.4.
