Ethereal-users: [Ethereal-users] Read filter using eth.len seems to be buggy.
Hi all,
I think there is a problem with the eth.len read filter, but since I did not
have the time to trace it or to check the source code yet, I thought I would
first of all ask this list to see if this is normal and/or if you can arrive
at the same results as my test.
Test done using Ethereal v. 0.8.20
-----------------------------------
Test1:
Machine1# ping Machine2
64 bytes from 192.168.1.1: icmp_seq=0...
...
Machine2# tethereal -R "eth.dst == 00:00:0c:53:43:2b"
device eth0 entering promisc. mode
Capturing on eth0
1.5900000 192.168.1.20 -> 192.168.1.1 ICMP Echo (ping) request
2.5900000 192.168.1.20 -> 192.168.1.1 ICMP Echo (ping) request
The eth.dst works fine. Now I will add eth.len to this:
Machine1# ping Machine2
64 bytes from 192.168.1.1: icmp_seq=0...
...
Machine2# tethereal -R "eth.dst == 00:00:0c:53:43:2b and eth.len > 1"
device eth0 entering promis. mode
Capturing eth0
<nothing>
Hmm... I dare say that just about 99.999% (maybe even 100%?) of Ethernet
packets should have len > 1?
Is this normal?
Thanks in advance!
Daniel Shane
----
Daniel Shane (daniel.shane NOSPAM@xxxxxxxxx)
GNU/Linux developer
Eicon Networks (www.eicon.com)