Wireshark · Wireshark-dev: Re: [Wireshark-dev] text2pcap once again

["Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>]

I don’t think you’re convincing anyone that you are actually aware of the header formats or you’d probably be able to figure this out, which is why Guy suggested you do a little more reading.

 

But I’ll try to help you along a little further:

 

The Ethernet header is a fixed 14 bytes as follows:

000000 00 e0 1e a7 05 6f 00 10
000008 5a a0 b9 12 08 00

 

Since the Ethertype indicates IP, the IP header follows next:

000008                   46 00
000010 03 68 00 00 00 00 0a 2e
000018 ee 33 0f 19 08 7f 0f 19
000020 03 80 94 04 00 00

 

Since the protocol indicated in the IP header is RSVP, the payload will contain an RSVP header, followed by its data:

000020                   10 01
000028 16 a2 0a 00 03 50 00 0c
000030 01 01 0f 19 03 80 11 01

(830 more bytes to follow ...)

 

I leave the rest of the details to you.  Still troubled?  Go back to Guy’s suggestion. :)  As a quick alternative, you might want to try looking at the information provided at the following web site, which I’ve found to be helpful:

http://www.networksorcery.com ->  RFC SOURCEBOOK (top of page) -> Protocols (Left pane) -> I -> IP.

 

Good luck,

Chris

 

---

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of jaiswal.vikash@xxxxxxxxx
Sent: Tuesday, January 09, 2007 7:52 AM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] text2pcap once again

 

Hi Guy Harris ,

 

    armed with what you've learned from that book about the format of Ethernet headers and IP headers,

     look at the first 14 bytes of data in the packet (you'll now know how that produces the display

 

Thanks for the above suggestion especially the book.

But I'm already aware of the IP packet format , but some how I'm not able to map the values to the different header fields ..

 

000000 00 e0 1e a7 05 6f 00 10
000008 5a a0 b9 12 08 00 46 00
000010 03 68 00 00 00 00 0a 2e
000018 ee 33 0f 19 08 7f 0f 19
000020 03 80 94 04 00 00 10 01
000028 16 a2 0a 00 03 50 00 0c
000030 01 01 0f 19 03 80 11 01

 

Please correct me if I'm wrong , but as per my understanding , if I have a file "test" with the above values as content then the below command will generate an IP packet using these values and add some dummy ethernet header values to it.

Command :    text2pcap test test123.pcap 

 

So could you please tell me which values from above would correspond to IP header portions like : 

1) version

2)IHL

3)TOS

4)Total length

5)Identification .......... etc .

 

Thanks once again for your response , hope to get some further inputs again .

Note : This is related to the mail titled "text2pcap help needed " .

 

Regards ,

Vikash

 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com

---

This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, retention, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Also, email is susceptible to data corruption, interception, tampering, unauthorized amendment and viruses. We only send and receive emails on the basis that we are not liable for any such corruption, interception, tampering, amendment or viruses or any consequence thereof.