Ethereal-dev: [ethereal-dev] tcpdump file != ethereal file ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Hannes R. Boehm" <hannes@xxxxxxxxx>
Date: Sun, 11 Jul 1999 14:47:21 +0200
Hi,

I often use fd->cap_len to determine wether or not there
are more structures to disassemble in this packet.
-> see packet-ospf.c line 202

This works fine if I capture the packets with ethereal, but fails
if i use tcpdump. I often use the tcpdump we have at the office
(Redhat 4.2 - tcpdump version ???) -> sometimes you get dozens of 
LSAs or active neighbors which don't realy exist.

Did anyone else see this behaviour ? (in other protocolls ?)
What else should I use instead of fd->cap_len to determine the end of the
packet ?

Hannes

-- 
--
"The nice thing about standards is that there's so many to choose from." 
        -- Andrew S. Tanenbaum
!------------------------------------------------------------------!
  Hannes R. Boehm
        email   : hannes@xxxxxxxxx
        www     : http://hannes.boehm.org
        PGP-key : http://hannes.boehm.org/hannes-pgp.asc
!------------------------------------------------------------------!