Wireshark mailing list archives
Re: Packet decoding
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Tue, 29 Jun 2010 22:26:26 +0200
On 06/28/2010 04:47 PM, Putrycy wrote:
Hi everyone, I am developing piece of software, related to TCPIP stack. I have a weird problems, and no idea for how to diagnose em. Problem is : packets are getting malformed. Seeing em in wireshark helps a lot. Packets seem to be trimmed at the beginning and moved left (Ethernet II -> MACs) at exactly 2 bytes. Id like to make sure, they're not malformed in any other way. My idea would be to add those missing two bytes by hand, and then try to "decode" packet that was prepared like that. Problem is im not sure how to make it. Id be very grateful for any help: Here's an example: correct destination mac: a:b:c:d:e:f correct source mac: o:p:q:r:s:t These are malformed like: dest mac: c:d:e:f:o:p src mac: q:r:s:t:X:X where X is something incorrect. Thanks a lot for any suggestions.
Hi, You could use tshark to get the raw octets printed to a text file, edit the text file and convert back to pcap using text2pcap. On the original problem: you most likely have an alignment problem in your code. Depending in the processor/configuration accessing a int32 is not the same as accessing a int16 or octet. Thanks, Jaap ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Packet decoding Putrycy (Jun 28)
- Re: Packet decoding Jaap Keuter (Jun 29)