Hi,
I often use fd->cap_len to determine whether or not there
are more structures to disassemble in this packet.
-> see packet-ospf.c line 202
This works fine if I capture the packets with ethereal, but fails
if I use tcpdump. I often use the tcpdump we have at the office
(Redhat 4.2 - tcpdump version ???) -> sometimes you get dozens of
LSAs or active neighbors which don't really exist.
Did anyone else see this behaviour? (in other protocols?)
What else should I use instead of fd->cap_len to determine the end of the
packet?
Hannes
--
"The nice thing about standards is that there's so many to choose from."
-- Andrew S. Tanenbaum
!------------------------------------------------------------------!
Hannes R. Boehm
email : hannes@xxxxxxxxx
www : http://hannes.boehm.org
PGP-key : http://hannes.boehm.org/hannes-pgp.asc
!------------------------------------------------------------------!
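
Added example, not part of the message above and not Ethereal's code: a neighbor-list walk over an OSPF Hello bounded by the captured length, next to one bounded by the packet-length field in the OSPF header (RFC 2328) and clamped to the captured bytes. The function names are hypothetical, `cap_len` here is counted from the start of the OSPF header, and the sample packet is constructed on the assumption that the capture holds bytes past the end of the OSPF packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OSPF_HDR_LEN    24u /* fixed OSPF header, RFC 2328 A.3.1 */
#define OSPF_HELLO_BODY 20u /* fixed Hello fields before the neighbor list */
#define NEIGHBORS_OFF   (OSPF_HDR_LEN + OSPF_HELLO_BODY)

/* Neighbor count when the loop runs to the end of the captured bytes. */
int neighbors_by_caplen(const uint8_t *ospf, size_t cap_len)
{
    int n = 0;
    (void)ospf;
    for (size_t off = NEIGHBORS_OFF; off + 4 <= cap_len; off += 4)
        n++;
    return n;
}

/* Neighbor count bounded by the header's packet-length field (bytes 2-3),
 * clamped to what was captured. Returns -1 if the header is unusable. */
int neighbors_by_ospf_len(const uint8_t *ospf, size_t cap_len)
{
    if (cap_len < OSPF_HDR_LEN)
        return -1;
    size_t end = ((size_t)ospf[2] << 8) | ospf[3];
    if (end < NEIGHBORS_OFF)
        return -1;              /* length field too small for a Hello */
    if (end > cap_len)
        end = cap_len;          /* capture was truncated (snaplen) */
    int n = 0;
    for (size_t off = NEIGHBORS_OFF; off + 4 <= end; off += 4)
        n++;
    return n;
}

/* Constructed sample: Hello with one neighbor (length 48) followed by
 * 12 trailing bytes that are not part of the OSPF packet. Returns cap_len. */
size_t make_sample(uint8_t buf[60])
{
    memset(buf, 0, 60);
    buf[0] = 2;                 /* OSPF version 2 */
    buf[1] = 1;                 /* type 1 = Hello */
    buf[2] = 0; buf[3] = 48;    /* packet length field */
    memcpy(buf + NEIGHBORS_OFF, "\x0a\x00\x00\x02", 4); /* neighbor 10.0.0.2 */
    return 60;
}
```

On the constructed sample the captured-length walk reports four neighbors and the length-field walk reports one.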