Wireshark mailing list archives
Re: : Idea for corrupted packet decoding
From: Hansang Bae <for_list_hbae () nyc rr com>
Date: Thu, 01 Jul 2010 18:02:28 -0400
On 6/29/2010 6:26 AM, Putrycy wrote:
Hi everyone, I am developing piece of software, related to TCPIP stack. I have a weird problems, and no idea for how to diagnose em. Problem is : packets are getting malformed. Seeing em in wireshark helps a lot. Packets seem to be trimmed at the beginning and moved left (Ethernet II -> MACs) at exactly 2 bytes. Id like to make sure, they're not malformed in any other way. My idea would be to add those missing two bytes by hand, and then try to "decode" packet that was prepared like that. Problem is im not sure how to make it. Id be very grateful for any help: Here's an example: correct destination mac: a:b:c:d:e:f correct source mac: o:p:q:r:s:t These are malformed like: dest mac: c:d:e:f:o:p src mac: q:r:s:t:X:X where X is something incorrect. Thanks a lot for any suggestions.
You can do this a couple of different ways. You can print out the BYTES (files, export, hex bytes) to a file and edit it with a text editor. Or you can just open the PCAP files and use any hex editor to add it in. Note all the CRCs will be thrown off by it, but I don't think you care about that. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: : Idea for corrupted packet decoding Hansang Bae (Jul 01)