Re: Strange decoding?

[wiresharkusers () synerity com]

Hi,

  I  haven't  looked  at  the  source  code,  but I guess Wireshark reads the IP
  version  information  in  the  IP  header (contained in the first byte of the IP header),
  which  is 6 in packet #6, and that probably overrides the ethertype.

Regards,
Jasper

> Hello,

> I have a faulty equipement sending IPv6 packets with ethertype 0x0800 (IPv4).
> Nevertheless Wireshark decodes it as IPv6. (check packet #6 of the joined file).

> It seems strange to me, I thought Wireshark uses ethertype for decoding, or
> least selecting the disector, but it does not seems to be the case. And even
> if Wireshark uses an other method I would have like it to warn me.

> Could someone explain to me why this behaviour?

> Regards.
> Vincent

> Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ?
> Je crée ma boîte mail www.laposte.net


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe