Ethereal-dev: RE: [ethereal-dev] Ethereal on Solaris -- lexical scanner problems.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Brown, Wes" <Wes_Brown@xxxxxxx>
Date: Fri, 6 Aug 1999 17:34:15 -0500
I don't mean to laugh, but ... :)

'BADBEEF' is indeed a correct fragment of an ethernet address.  The test
cases and test files that I have use these ethernet addresses to easily
distinguish from 'real' traffic.

Alas, no, I don't have a pre-0.7.0 Ethereal handy.  I just leapt into
this project yesterday.

Wes

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Friday, August 06, 1999 5:27 PM
To: Brown, Wes
Cc: 'Guy Harris'; Brown, Wes; 'Gilbert Ramirez'; 'ethereal-dev@xxxxxxxx'
Subject: Re: [ethereal-dev] Ethereal on Solaris -- lexical scanner problems.


> $1 = {ts_sec = 12513210, ts_usec = 3489792186, incl_len = 3689869315,
>   orig_len = 134235392}

	#
	# "showtime_t" is a little program I whipped up a while ago
	# that takes a "time_t" value as an argument and prints it
	# out as a date and time.
	tooting$ showtime_t 12513210
	Mon May 25 12:53:30 1970

Hmm.  That's not a good sign; it looks as if we're at a bogus offset in
the file.

	tooting$ bc
	obase=16
	12513210
	BEEFBA
	3489792186
	D00200BA
	3689869315
	DBEEF003
	134235392
	8004500

"BEEF" looks a little suspicious - in fact, it looks as if "BADBEEF"
appears; this could be packet data of some sort, further suggesting that
we're at the wrong offset in the file.

Do you happen to have a pre-0.7.0 Ethereal handy, configured *without*
"wiretap"?  If so, it might be interesting to see whether it can read
the same capture file; if so, that suggests some problem with
"wiretap"'s handling of "libpcap" files.
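
The plausibility check that the quoted message performs by hand with "showtime_t" and "bc", written out as an added example (not part of the original thread and not Ethereal or wiretap code). The function names, the flag names and the snaplen of 65535 are assumptions made for the illustration; the four field values are the ones from the gdb output above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-record header of a libpcap capture file (four 32-bit fields). */
struct pcaprec_hdr {
    uint32_t ts_sec, ts_usec, incl_len, orig_len;
};

enum {
    BAD_USEC    = 1 << 0,  /* microseconds field is not < 1,000,000 */
    BAD_INCL    = 1 << 1,  /* captured length exceeds on-wire length */
    BAD_SNAPLEN = 1 << 2   /* captured length exceeds the file's snaplen */
};

/* Return a bitmask of reasons the header cannot be a real record header. */
int pcaprec_check(const struct pcaprec_hdr *h, uint32_t snaplen)
{
    int flags = 0;
    if (h->ts_usec >= 1000000u) flags |= BAD_USEC;
    if (h->incl_len > h->orig_len) flags |= BAD_INCL;
    if (h->incl_len > snaplen) flags |= BAD_SNAPLEN;
    return flags;
}

/* Write the four fields as 32 hex digits, most significant digit first,
 * so a pattern that straddles two fields becomes visible as one string. */
void pcaprec_hex(const struct pcaprec_hdr *h, char out[33])
{
    snprintf(out, 33, "%08X%08X%08X%08X",
             (unsigned)h->ts_sec, (unsigned)h->ts_usec,
             (unsigned)h->incl_len, (unsigned)h->orig_len);
}

int main(void)
{
    /* Values from the gdb output quoted in the message. */
    struct pcaprec_hdr h = { 12513210u, 3489792186u, 3689869315u, 134235392u };
    char hex[33];
    pcaprec_hex(&h, hex);
    /* 65535 is an assumed snaplen; the thread does not state one. */
    printf("flags=0x%x fields=%s\n", pcaprec_check(&h, 65535u), hex);
    printf("BADBEEF present: %s\n", strstr(hex, "BADBEEF") ? "yes" : "no");
    return 0;
}
```

All three checks fail for the header in question, and the "BADBEEF" run spans the end of ts_usec and the start of incl_len, which is what points to the reader being at the wrong offset rather than to a damaged timestamp alone.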