Hi, I've attached two captures with a single packet in each.
They are both supposed to be syslog events injected into the capture with SLL (Linux cooked capture). On one everthing is decoded as expected in the other with the same first 16 octets it is detected as Ethernet II only. I cannot figure out why they are not both decoded as SLL/Linux cooked-mode captures. Any thoughts would be greatly appreciated. I'm running on Windows 7 using Wireshark 2.6.1. The capture was taken on a CentOs 7 box by a tool injecting the "fake" syslog message. BR, Michael Michael Lum ([email protected]<mailto:[email protected]>) | STAR SOLUTIONS<http://www.starsolutions.com/> | Principal Software Engineer 4600 Jacombs Road, Richmond BC, Canada V6V 3B1 | +1.604.303.2315
sll-not_detected.pcap
Description: sll-not_detected.pcap
sll-detected.pcap
Description: sll-detected.pcap
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
