On Jan 30, 2008, at 11:00 AM, Daniel Koepke wrote:
Sorry for the delay, was pulled in different directions
Here is a sample of the scan taken today
How did you do that capture? With what type of machine are you
capturing?
At least some of the packets appear to have been damaged in the
process of capturing.
The first packet, for example, has an Ethernet type field value of 0,
which is not a valid type value (or length value) - Wireshark
interprets that as Fibre Channel because of the way some Cisco
equipment works (I think some Cisco Fibre Channel equipment can dump
internal traffic, and it looks like Ethernet traffic with an all-zero
type field).
The third packet has an Ethernet type value of 0xffff, which is also
not a valid type value (or length value).
The first byte *after* the bogus Ethernet type values in those packets
is 0x45 in both packets, so they look as if they might be IP packets -
and, if I use the Analyze > Decode As menu item to force Wireshark to
decode 0xffff as IP, those packets, at least, are IP packets;
unfortunately, as the Ethernet type value for those packets isn't the
type value for IP, so Wireshark (correctly) doesn't decode them as IP
packets by default.
Perhaps there's something wrong with the hardware you used to capture
the traffic, or with the low-level software doing the capture (OS,
drivers, etc.).
