tcpdump mailing list archives

unreadable(?) capture file


From: alex medvedev <alexm () pycckue org>
Date: Sun, 14 Sep 2003 18:33:37 -0500 (CDT)

hallo,

i can't seem to read a capture file with tcpdump (cvs or 3.7.1).

the capture file was created with AIX's version of tcpdump (old).
it recorded some iscsi packets (see attached dump file).

$ file /tmp/rawdump.read
/tmp/rawdump.read: tcpdump capture file (big-endian) - version 2.2 (Token Ring, capture length 500)

when i read it with tethereal i get expected results:

  1   0.000000    10.1.1.10 -> 10.1.1.1     TCP 34388 > 3260 [SYN] Seq=836482475 Ack=0 Win=65535 Len=0
  2   0.000115     10.1.1.1 -> 10.1.1.10    TCP 3260 > 34388 [SYN, ACK] Seq=3762875400 Ack=836482476 Win=65535 Len=0
  3   0.000211    10.1.1.10 -> 10.1.1.1     TCP 34388 > 3260 [ACK] Seq=836482476 Ack=3762875401 Win=65535 Len=0

however, when i read it with tcpdump -r i get smth like this:

reading from file /tmp/rawdump.read, link-type 6 (IEEE802)
13:23:01.865452524 55:af:20:c2:08:00 30:0c:a0:00:00:02 60:
                         4500 002c 2f68 0000 3c06 3958 0a01 010a
                         0a01 0101 8654 0cbc 31db b5ab 0000 0000
                         6002 ffff 0783 0000 0204 05b4 0000
13:23:01.865567877 30:0c:a0:00:08:00 55:af:20:c2:00:0c 60:
                         4500 002c 225e 0000 4006 4262 0a01 0101
                         0a01 010a 0cbc 8654 e048 ec08 31db b5ac
                         6012 ffff 3b20 0000 0204 05b4 0000
13:23:01.865663360 55:af:20:c2:08:00 30:0c:a0:00:00:02 60:
                         4500 0028 2f69 0000 3c06 395b 0a01 010a
                         0a01 0101 8654 0cbc 31db b5ac e048 ec09
                         5010 ffff 52dd 0000 0000 0000 0000

i know that current tcpdump can not decode iscsi yet, but shouldn't it
display tcp packets?
or is the file way too old for current tcpdump?

AIX's tcpdump gives the timestamps in nanoseconds vs. microseconds that
tcpdump from tcpdump.org does.
could that be the problem?

i'd appreciate any input,

-alexm
17:21 14/09/2003




Attachment: rawdump.read
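
The check below is an added example, not part of the original post or of tcpdump: it reads a classic pcap file header and the per-packet record headers, reports the fields that `file` and `tcpdump -r` printed above (byte order, version, snapshot length, link type), and flags sub-second values too large to be microseconds. The names `inspect_pcap` and `build_sample` are hypothetical, and the sample file is constructed from the header values quoted in the post, with a placeholder payload and a made-up seconds value.

```python
import struct

MAGIC = 0xA1B2C3D4  # classic pcap magic number

def inspect_pcap(data):
    """Summarise a classic pcap file: header fields plus a timestamp sanity check."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap file header")
    for endian, name in ((">", "big-endian"), ("<", "little-endian")):
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("no classic pcap magic number")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    subsecs, offset = [], 24
    while offset + 16 <= len(data):
        # Record header: seconds, sub-seconds, captured length, wire length.
        _sec, subsec, caplen, _wirelen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            break  # truncated or corrupt record: stop rather than misread
        subsecs.append(subsec)
        offset += 16 + caplen
    return {
        "byte_order": name,
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": len(subsecs),
        # A microsecond field tops out at 999,999; anything larger means the
        # writer stored a finer unit (such as nanoseconds) in that slot.
        "subsec_exceeds_usec": any(s >= 1_000_000 for s in subsecs),
    }

def build_sample(subsec):
    """Constructed one-packet file using the header values `file` printed in the post."""
    header = struct.pack(">IHHiIII", MAGIC, 2, 2, 0, 0, 500, 6)
    payload = bytes(60)  # constructed placeholder, not the real packet
    # 1063563781 is a constructed seconds value, not taken from the capture.
    record = struct.pack(">IIII", 1063563781, subsec, len(payload), len(payload))
    return header + record + payload

if __name__ == "__main__":
    # 865452524 is the fractional part tcpdump printed for the first packet.
    print(inspect_pcap(build_sample(865452524)))
```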