On 1/26/09 8:47 PM, "Aaron Turner" <synfina...@gmail.com> wrote:
> Yes, but you still need a properly formed pcap file to start off with.
> If you had a DLT_RAW, DLT_LOOP or DLT_NULL pcap file without any L2
> header information you could add it with tcprewrite.
Hi Aaron,
Thanks for your reply. Does this mean, that if I have a DLT_RAW or DLT_NULL in
the pcap file which I believe is a global setting for the entire pcap file, I
would be able to add my own L2 information with tcprewrite. How would
tcprewrite know where the L3 payload start or does it, in this case, expect the
packet frame to start with L3 data?
Thanks,
Nilesh
________________________________
From: Aaron Turner <synfina...@gmail.com>
To: Main forum for tcpreplay <tcpreplay-users@lists.sourceforge.net>
Sent: Monday, January 26, 2009 8:47:02 PM
Subject: Re: [Tcpreplay-users] Assuming default ethernet DLT with IPv4 payload
for packets missing Layer 2 headers
On Mon, Jan 26, 2009 at 5:50 PM, Nilesh Khambal <nkham...@yahoo.com> wrote:
> Hi,
> I have a PCAP file which for some reason, is missing a layer 2 ethernet
> header in some frames. Layer 3 payload is IP and Layer 4 is TCP. Now
> tcpdump/ethereal is not able decode these frames with missing layer 2
> headers as a valid tcp/ip frame and ends up decoding it as ETHERNET II type
> frame.
What you have described is a broken/invalid frame. Certain kinds of
pcap file DLT types assume there is no layer 2 header (DLT_RAW for
example), but DLT_EN10MB (ethernet) must have an ethernet header.
You'll have to hack the tcpreplay code if you want it to handle this
kind of situation.
[snip]
> Is there a way to force tcpprep to assume default ethernet DLT and use IP as
> Layer3 payload?
No. tcpprep assumes that the DLT specified in the pcap file header is
correct and that the L2-4 headers can be properly parsed accordingly.
> Also, can tcprewrite insert (instead of rewrite) an L2
> header with the information I provide in such frame if the L2 header is not
> found or was so instructed at tcprewrite CLI?
Yes, but you still need a properly formed pcap file to start off with.
If you had a DLT_RAW, DLT_LOOP or DLT_NULL pcap file without any L2
header information you could add it with tcprewrite.
Regards,
Aaron
--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary Safety,
deserve neither Liberty nor Safety.
-- Benjamin Franklin
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
