[Tcpreplay-users] Assuming default ethernet DLT with IPv4 payload for packets missing Layer 2 headers

Mon, 26 Jan 2009 18:51:18 -0800 

Hi,

I have a PCAP file which for some reason, is missing a layer 2 ethernet header 
in some frames. Layer 3 payload is IP and Layer 4 is TCP. Now tcpdump/ethereal 
is not able decode these frames with missing layer 2 headers as a valid tcp/ip 
frame and ends up decoding it as ETHERNET II type frame.

[r...@ilinux-nilesh snoopy]# tethereal -r tcp-out.pcap
tethereal: Symbol `pcap_version' has different size in shared object, consider 
re-linking
  1   0.000000 Ansel_Co_80:40:00 -> 02:00:00:00:45:10 0x4006 Ethernet II   
<<<<<<< Actual SYN packet
  2   0.000254     10.0.0.2 -> 10.0.72.7    TCP telnet > 50124 [SYN, ACK] 
Seq=783286529 Ack=3099475376 Win=65535 Len=0
  3   0.001068 00:34:90:81:40:00 -> 02:00:00:00:45:10 0x4006 Ethernet II     
<<<<<<<< Actual ACK packet
 <...>

tcpprep, is too, not able to understand this. It crashes with an assertion.

[r...@ilinux-nilesh snoopy]# tcpprep --auto=client --pcap=tcp-out.pcap 
--cachefile=tcp-out.cache
tcpprep: tree.c:337: add_tree: Assertion `ip == newnode->ip' failed.
Aborted
[r...@ilinux-nilesh snoopy]#


Is there a way to force tcpprep to assume default ethernet DLT and use IP as 
Layer3 payload? Also, can tcprewrite insert (instead of rewrite) an L2 header 
with the information I provide in such frame if the L2 header is not found or 
was so instructed at tcprewrite CLI?

Here is the version info

[r...@ilinux-nilesh snoopy]# tcpreplay -V
tcpreplay version: 3.3.2 (build 2065)
Copyright 2001-2008 by Aaron Turner <aturner at synfin dot net>
Cache file supported: 04
Not compiled with libnet.
Compiled against libpcap: 0.7.2
64 bit packet counters: enabled
Verbose printing via tcpdump: disabled
Packet editing: disabled
Fragroute engine: disabled
[r...@ilinux-nilesh snoopy]#
[r...@ilinux-nilesh snoopy]# tcpprep -V
tcpprep version: 3.3.2 (build 2065)
Copyright 2001-2008 by Aaron Turner <aturner at synfin dot net>
Cache file supported: 04
Not compiled with libnet.
Compiled against libpcap: 0.7.2
64 bit packet counters: enabled
Verbose printing via tcpdump: disabled
[r...@ilinux-nilesh snoopy]#
[r...@ilinux-nilesh snoopy]# tcprewrite -V
tcprewrite version: 3.3.2 (build 2065)
Copyright 2001-2008 by Aaron Turner <aturner at synfin dot net>
Cache file supported: 04
Not compiled with libnet.
Compiled against libpcap: 0.7.2
64 bit packet counters: enabled
Verbose printing via tcpdump: disabled
Fragroute engine: disabled
[r...@ilinux-nilesh snoopy]#


Thanks,
Nilesh.


      
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Reply via email to