Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10282] Add Stateless Transport Tunneling support

Wireshark-bugs: [Wireshark-bugs] [Bug 10282] Add Stateless Transport Tunneling support

Date: Sun, 17 Jan 2016 03:23:11 +0000

Comment # 7 on bug 10282 from Guy Harris

(In reply to Rémi vichery from comment #5)
> These pcap files are taken from real traffic between two Virtual Machine
> running on two Openstack hypervisors. Hypervisors are using STT as an
> overlay protocol (like VXLAN, GRE or NVGRE) to encapsulate tenant traffic.
> 
> (In reply to comment #3)
> > I'm guessing that these pcap files are hand-made since some of the outer TCP
> > info seems somewhat bogus.

Meaning that the "outer TCP info" isn't TCP info, it's STT info.  STT is a
protocol that has headers that look exactly like TCP headers *except* that the
sequence and acknowledgment numbers are repurposed, and that uses the same IP
protocol number as, but isn't TCP.

It has a heuristic dissector, running atop the IP dissector, which checks for
the TCP protocol number and for the purported TCP destination port number being
7471; in order for that dissector to see the packets, the IPv4 preference to
try heuristic dissectors first has to be set.

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 9933] Questionable calling of ethernet dissector by encapsulating protocol dissectors
Next by Date: [Wireshark-bugs] [Bug 9933] Questionable calling of ethernet dissector by encapsulating protocol dissectors
Previous by thread: [Wireshark-bugs] [Bug 9933] Questionable calling of ethernet dissector by encapsulating protocol dissectors
Next by thread: [Wireshark-bugs] [Bug 5061] Infiniband EoIB dissection (patch)
Index(es):
- Date
- Thread