tcpdump mailing list archives

Re: decode MPLS-contained packets?


From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 7 May 2020 03:15:32 -0400 (EDT)

--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Thu, 7 May 2020 00:17:19 -0700
On May 7, 2020, at 12:04 AM, Francois-Xavier Le Bail via tcpdump-workers <tcpdump-workers () lists tcpdump org> wrote:

> On 07/05/2020 08:53, Guy Harris via tcpdump-workers wrote:
>
>> "Looks like a valid Ethernet address" is defined as "the first three octets appear in Wireshark's file giving
>> manufacturer names for OUIs".
>
> What if the destination address is ff:ff:ff:ff:ff:ff (broadcast) for e.g. ARP request?
> Or some multicast address?

In this *particular* case, that test is done only if the uppermost nibble of the uppermost octet is 0, so that would 
only be the case for the source address, which is less likely to be a group address than the destination address.  
There may be other places where that heuristic dissector is used, however.

--- End Message ---