RE: [ethereal-dev] Ethereal on Solaris -- lexical scanner problem s.

["Brown, Wes" <Wes_Brown@xxxxxxx>]

I don't meant to laugh, but ... :)

'BADBEEF' is indeed a correct fragment of an ethernet address.  The test
cases and test files that I have use these ethernet addresses to easily
distinugsh from 'real' traffic.

Alas, no, I don't have a pre-0.7.0 Ethereal handy.  I just leapt into
this project yesterday.

Wes

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Friday, August 06, 1999 5:27 PM
To: Brown, Wes
Cc: 'Guy Harris'; Brown, Wes; 'Gilbert Ramirez'; 'ethereal-dev@xxxxxxxx'
Subject: Re: [ethereal-dev] Ethereal on Solaris -- lexical scanner
problem s.


> $1 = {ts_sec = 12513210, ts_usec = 3489792186, incl_len = 3689869315,
>   orig_len = 134235392}

	#
	# "showtime_t" is a little program I whipped up a while ago
	# that takes a "time_t" value as an argument and prints it
	# out as a date and time.
	tooting$ showtime_t 12513210
	Mon May 25 12:53:30 1970

Hmm.  That's not a good sign; it looks as if we're at a bogus offset in
the file.

	tooting$ bc
	obase=16
	12513210
	BEEFBA
	3489792186
	D00200BA
	3689869315
	DBEEF003
	134235392
	8004500

"BEEF" looks a little suspicious - in fact, it looks as if "BADBEEF"
appears; this could be packet data of some sort, further suggesting that
we're at the wrong offset in the file.

Do you happen to have a pre-0.7.0 Ethereal handy, configured *without*
"wiretap"?  If so, it might be interesting to see whether it can read
the same capture file; if so, that suggests some problem with
"wiretap"'s handling of "libpcap" files.