Ethereal-users: [Ethereal-users] Info for Novell NCP over IP Watchdog decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Lieb Peter <lieb@xxxxxxxx>
Date: Wed, 15 May 2002 17:19:40 +0200
Hi,

A few days ago I sniffed NCP packets which Ethereal could not decode.
After looking at different analyzers I found Novell Lanalyzer with the
newest patch, which can decode these packets. Here is my information, perhaps
for the next version of the NCP over IP packet decode.

The original hex coded packet:
--------------------------------------------
0000  00 03 47 97 d2 ec 00 20 da e9 39 83 08 00 45 00   ..G.... ..9...E.
0010  00 2a 49 58 00 00 7f 11 d8 6b 0a 5c 0a 36 0a 5c   .*IX.....k.\.6.\
0020  fb 11 04 08 02 0c 00 16 9b 11 3e 3e 00 06 00 00   ..........>>....
0030  00 00 06 59 00 00 00 00 37 37 37 37               ...Y....7777    

That is what Novell Lanalyzer says about this packet:
-----------------------------------------------------------------------------
Packet Number : 31          10:25:48 
Length : 64 bytes           
ether: ==================== Ethernet Datalink Layer ====================
       Station: 00-20-DA-E9-39-83 ----> 00-03-47-97-D2-EC
       Type: 0x0800 (IP)
   ip: ======================= Internet Protocol =======================
       Station:10.92.10.54 ---->10.92.251.17
       Protocol: UDP
       Version: 4 
       Header Length (32 bit words): 5
       Precedence: Routine
              Normal Delay, Normal Throughput, Normal Reliability
       Total length: 42
       Identification: 18776
       Fragmentation allowed, Last fragment
       Fragment Offset: 0
       Time to Live: 127 seconds
       Checksum: 0xD86B(Valid)
  udp: ===================== User Datagram Protocol ====================
       Source Port: 1032
       Destination Port: 524
       Length = 22
       Checksum: 0x9B11(Valid)
  ncp: ===================== NetWare Core Protocol =====================
       NCP Message: Watchdog Packet
       Request Type: 0x3E3E (Watchdog Packet)
       Sequence Number: 0
       Connection Number Low: 6
       Task Number: 0
       Connection Number High: 0
       Completion Code: 0
       Connection Status: 0
       Slot: 6
       Control Code: 89
Data:
   0: 00 00 00 00                                     |....            

And that is what Ethereal 0.9.2 says about this packet:
--------------------------------------------------------------------------------
Frame 31 (60 on wire, 60 captured)
    Arrival Time: May 14, 2002 10:25:48.852695000
    Time delta from previous packet: 0.495058000 seconds
    Time relative to first packet: 29.166086000 seconds
    Frame Number: 31
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II
    Destination: 00:03:47:97:d2:ec (Intel_97:d2:ec)
    Source: 00:20:da:e9:39:83 (Xylan_e9:39:83)
    Type: IP (0x0800)
    Trailer: 37373737
Internet Protocol, Src Addr: xxxxx1e3.xxxxx.de (10.92.10.54), Dst Addr: 10.92.251.17 (10.92.251.17)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 42
    Identification: 0x4958
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 127
    Protocol: UDP (0x11)
    Header checksum: 0xd86b (correct)
    Source: xxxxx1e3.xxxxx.de (10.92.10.54)
    Destination: 10.92.251.17 (10.92.251.17)
User Datagram Protocol, Src Port: iad3 (1032), Dst Port: ncp (524)
    Source port: iad3 (1032)
    Destination port: ncp (524)
    Length: 22
    Checksum: 0x9b11 (correct)
NetWare Core Protocol
    NCP over IP signature: Unknown (0x3e3e0006)
    NCP over IP length: 0x00000000
    Type: Unknown (0x0659)
    Sequence Number: 0
    Connection Number: 0
    Task Number: 0


Peter Lieb
Dezentrale Systeme
Tel. +49 6021 633 1420
Fax +49 6021 633 8420
Mail: lieb@xxxxxxxx
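
Added example (not part of the original message, and not Ethereal or Lanalyzer code): a Python decoder for the frame quoted above, showing both readings of the same 14 payload bytes. The one-byte field widths are an assumption inferred by lining up Lanalyzer's values with the payload, the 4/4/2-byte split is inferred from the Ethereal 0.9.2 output, and all function names are hypothetical.

```python
import struct

# Frame bytes copied from the hex dump in the message (60 bytes on the wire).
FRAME = bytes.fromhex(
    "00034797d2ec0020dae9398308004500"
    "002a495800007f11d86b0a5c0a360a5c"
    "fb110408020c00169b113e3e00060000"
    "000006590000000037373737"
)

# Field order as listed in the Lanalyzer decode; one byte per field after the
# 16-bit request type is an assumption inferred from the payload bytes.
WATCHDOG_FIELDS = ("request_type", "sequence", "conn_low", "task", "conn_high",
                   "completion_code", "conn_status", "slot", "control_code")

def udp_payload(frame):
    """Return (src_port, dst_port, payload) of an Ethernet II/IPv4/UDP frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet II frame")
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
        raise ValueError("not UDP or truncated header")
    udp = 14 + ihl
    sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
    if ulen < 8 or udp + ulen > len(frame):
        raise ValueError("UDP length field does not fit the frame")
    # Slice by the UDP length so Ethernet padding (the 37 37 37 37 trailer) is dropped.
    return sport, dport, frame[udp + 8:udp + ulen]

def decode_watchdog(payload):
    """Decode the 0x3E3E watchdog layout; bytes past the 10-byte header are data."""
    if len(payload) < 10:
        raise ValueError("payload shorter than the watchdog header")
    fields = dict(zip(WATCHDOG_FIELDS, struct.unpack_from("!H8B", payload)))
    if fields["request_type"] != 0x3E3E:
        raise ValueError("request type is not 0x3E3E")
    fields["data"] = payload[10:]
    return fields

def misread_as_stream_framing(payload):
    """Read the same bytes as 4-byte signature, 4-byte length, 2-byte type."""
    return struct.unpack_from("!IIH", payload)

if __name__ == "__main__":
    sport, dport, payload = udp_payload(FRAME)
    print(sport, dport, decode_watchdog(payload))
    print([hex(v) for v in misread_as_stream_framing(payload)])
```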