Wireshark mailing list archives
Re: Strange decoding?
From: wiresharkusers () synerity com
Date: Wed, 25 Jan 2012 11:39:26 +0100
Hi, I haven't looked at the source code, but I guess Wireshark reads the IP version information in the IP header (contained in the first byte of the IP header), which is 6 in packet #6, and that probably overrides the ethertype. Regards, Jasper
Hello,
I have a faulty equipement sending IPv6 packets with ethertype 0x0800 (IPv4). Nevertheless Wireshark decodes it as IPv6. (check packet #6 of the joined file).
It seems strange to me, I thought Wireshark uses ethertype for decoding, or least selecting the disector, but it does not seems to be the case. And even if Wireshark uses an other method I would have like it to warn me.
Could someone explain to me why this behaviour?
Regards. Vincent
Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? Je crée ma boîte mail www.laposte.net
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Strange decoding? Vincent CATROS (Jan 25)
- Re: Strange decoding? wiresharkusers (Jan 25)
- Re: Strange decoding? Michael Tuexen (Jan 25)
- Re: Strange decoding? Vincent CATROS (Jan 25)
- Re: Strange decoding? Michael Tuexen (Jan 25)
- Re: Strange decoding? wiresharkusers (Jan 25)