"00 30 b6 53 00 06" is the MAC address of the Cisco Ethernet port that's sending the traffic out to my workstation running Wireshark. The first few unknown bytes are part of the MAC address of the Cisco.
The next bytes are unclear to me.

Frank

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Meier
Sent: Saturday, March 01, 2008 11:24 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow

Frank Bulk wrote:
> Thanks for your willingness to look at this. I'm glad to have a tool like
> Wireshark because I can't interpret the raw packets. =)
>
> Attached are three ping packets that my Wireshark PC caught. The info line
> complains "Bogus IP length (8, less than header length 24)".
>

I see an extra 20 bytes between the ethernet header and the ip header; I'm not knowledgeable enough to know what those bytes are.

(I'll certainly be interested to see the determination as to what they are).

Ethernet hdr specifying type 0x0800 [IP]
0000 00 12 79 63 1a 8c 00 30 b6 53 00 06 08 00

20 unknown (to me) bytes
0000 b6 53
0010 00 08 00 01 4a 9e 0e 06 88 64 11 00 00 06 00 3e
0020 00 21

looks like a good ip hdr & icmp payload
0020 45 00 ....................................
0030 ................................................
0040 ................................................
0050 ............................................

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
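An added example, not part of the thread and not Wireshark's code: it reads the bytes at offset 14 the way an IPv4 dissector would, which reproduces the "Bogus IP length (8, less than header length 24)" values, then scans forward for the first offset that holds a checksum-valid IPv4 header. The Ethernet header and the 20 unexplained bytes are copied from the post; the IP/ICMP packet after them is constructed, since the post elides it, and all function names are hypothetical.

```python
import struct

# Copied from the post: Ethernet header (type 0x0800) and the 20 unexplained bytes.
ETH_HDR = bytes.fromhex("00 12 79 63 1a 8c 00 30 b6 53 00 06 08 00")
UNKNOWN = bytes.fromhex("b6 53 00 08 00 01 4a 9e 0e 06 88 64 11 00 00 06 00 3e 00 21")

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_fields(buf: bytes, off: int):
    """(header_len, total_len) as a dissector would read them at off."""
    return (buf[off] & 0x0F) * 4, struct.unpack_from("!H", buf, off + 2)[0]

def is_valid_ipv4(buf: bytes, off: int) -> bool:
    """Version 4, sane lengths that fit the frame, and a correct header checksum."""
    if off + 20 > len(buf) or buf[off] >> 4 != 4:
        return False
    hlen, total = ipv4_fields(buf, off)
    if hlen < 20 or total < hlen or off + total > len(buf):
        return False
    return checksum(buf[off:off + hlen]) == 0

def find_ipv4(frame: bytes, start: int = 14):
    """First offset at or after start holding a valid IPv4 header, else None."""
    for off in range(start, len(frame) - 19):
        if is_valid_ipv4(frame, off):
            return off
    return None

def build_sample_frame() -> bytes:
    """Constructed ICMP echo request; addresses are documentation-range placeholders."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ETH_HDR + UNKNOWN + ip + icmp

if __name__ == "__main__":
    frame = build_sample_frame()
    print("header_len, total_len read at offset 14:", ipv4_fields(frame, 14))
    off = find_ipv4(frame)
    print("valid IPv4 header at offset", off, "-> extra bytes:", off - 14)
```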