Wireshark-users: [Wireshark-users] SLL unknown protocol
From: "Craig, Dave" <dwcraig@xxxxxxxxxxxx>
Date: Wed, 16 Aug 2006 20:17:10 -0700

Anyone have an idea what this packet means, or at least where in the kernel/app sources to look? It was taken on a Linux 2.6 host using “any” capture. For the vast majority of the packets in the trace it displays the ethertype as the Protocol for the SLL header. I had a hard time tracking down where in the kernel sources it would generate a 0 ethertype, and the payload doesn’t look like a netlink packet.

% tethereal -V -r tmp5.cap
Frame 1 (56 bytes on wire, 56 bytes captured)
    Arrival Time: Aug 16, 2006 10:58:29.761153000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 56 bytes
    Capture Length: 56 bytes
    Protocols in frame: sll:data
Linux cooked capture
    Packet type: Sent by us (4)
    Link-layer address type: 1
    Link-layer address length: 6
    Source: IntelCor_00:3b:07 (00:15:17:00:3b:07)
    Protocol: Unknown (0x0000)
Data (40 bytes)

0000  5b 50 00 28 00 02 00 00 01 00 10 00 01 00 10 01   [P.(............
0010  00 00 00 78 00 00 00 01 00 15 17 00 3b 07 00 00   ...x........;...
0020  00 00 00 00 00 00 00 00                           ........

Thanks,

     Dave