I had some other strange problems with RedHat 6.1 tcpdump/libpcap apart from
the hang and the reversed -p flag, it also showed most destination MAC's as
00:00:00:00:00:01... Now I've recompiled Ethereal with stock libpcap + the
patch, and recompiled Ethereal. (RedHat bug web says the problems is fixed in
tcpdump-3.4-17 but that version seems not to be released).
Here is a file with a CDP packet, it now shows as LLC SNAP..Cisco..0x2000
which is correct, but I guess it should show as CDP. The packet is recorded
with Ethereal, not tcpdump (though there should be no difference now).
Thanks again for your efforts.
Gilbert Ramirez wrote:
> On Tue, Jan 11, 2000 at 08:33:59AM -0600, Rasmus Andersson wrote:
> >
> >
> > Hi all
> >
> > Am I just stupid, or is Ethereal 0.8.1 supposed to show CDP packets as
> > "LLC U, func=UI"? The previous version I ran (0.7.something) showed them
> > as CDP. Maybe some decoding tests are done in the wrong order.
> > Env: RedHat 6.1, tcpdump file.
>
> Can you send a sample trace file to ethereal-dev? With the new "save"
> option, you can filter out just the packets you're referring to and
> save them to a small trace file.
>
> --gilbert
--
Rasmus Andersson
WM-data Security http://www.sec.wmdata.se
Löjtnantsgatan 25, Box 27307, 102 54 Stockholm
Tel: +46-(0)8-459 10 46, +46-(0)70-535 14 21
Fax: +46-(0)8-459 10 45
raane@xxxxxxxxxx
PGP Id:70650262 Fpr:72FC 233D 2CBF 3477 2218 6366 3C21 BFCB 7065 0262
Ôò¡������������ÿÿ������bY|8??��,���,������ÌÌÌ���Xá1��ªª���� ��´Yl����ltg1����������Ì��YH�ý���
Ethernet0�����������ÖCisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-I-M), Version 11.1(20), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 22-Jun-98 16:33 by pnicosia����cisco 4500
