headers for netsniff

I have used QNX4’s netsniff to look at data in ethernet packets.

Is there a header that defines what the bytes are that I can see from
netsniff? I.E. how to interpret them?

Yes, I know that netsniff will interpret them in real-time. But
I was recording the data in real-time. This is post-processing.

Bill Caroselli <qtps@earthlink.net> wrote:
BC > I have used QNX4’s netsniff to look at data in ethernet packets.

BC > Is there a header that defines what the bytes are that I can see from
BC > netsniff? I.E. how to interpret them?

BC > Yes, I know that netsniff will interpret them in real-time. But
BC > I was recording the data in real-time. This is post-processing.

I’ve made some progress on this myself.

But, what are ether type codes 0x2300 & 0x2600?
What can I know about what these records contain?

Bill Caroselli <qtps@earthlink.net> wrote:
BC > Bill Caroselli <qtps@earthlink.net> wrote:
BC > BC > I have used QNX4’s netsniff to look at data in ethernet packets.

BC > BC > Is there a header that defines what the bytes are that I can see from
BC > BC > netsniff? I.E. how to interpret them?

BC > BC > Yes, I know that netsniff will interpret them in real-time. But
BC > BC > I was recording the data in real-time. This is post-processing.

BC > I’ve made some progress on this myself.

BC > But, what are ether type codes 0x2300 & 0x2600?
BC > What can I know about what these records contain?

Forgot to apply ntohs(). That would be 0x0023 & 0x0026.
Also, what are these ether types:
004C
015A
9000

This is the same field where 0x0800 represents IP packets.

Also, what is IP Protocol 0x11?

Bill Caroselli <qtps@earthlink.net> wrote:

Bill Caroselli <qtps@earthlink.net> wrote:
BC > Bill Caroselli <qtps@earthlink.net> wrote:
BC > BC > I have used QNX4’s netsniff to look at data in ethernet packets.

BC > BC > Is there a header that defines what the bytes are that I can see from
BC > BC > netsniff? I.E. how to interpret them?

BC > BC > Yes, I know that netsniff will interpret them in real-time. But
BC > BC > I was recording the data in real-time. This is post-processing.

BC > I’ve made some progress on this myself.

BC > But, what are ether type codes 0x2300 & 0x2600?
BC > What can I know about what these records contain?

Forgot to apply ntohs(). That would be 0x0023 & 0x0026.
Also, what are these ether types:
004C
015A
9000

This is the same field where 0x0800 represents IP packets.

Also, what is IP Protocol 0x11?

IPPROTO_UDP from <netinet/in.h>.

-seanb

Sean Boudreau <seanb@node25.ott.qnx.com> wrote:

Forgot to apply ntohs(). That would be 0x0023 & 0x0026.
Also, what are these ether types:
004C
015A
9000

This is the same field where 0x0800 represents IP packets.

Also, what is IP Protocol 0x11?

SB > IPPROTO_UDP from <netinet/in.h>.


Doah! Thanks. I forgot to convert from hex to dec.

The ethertypes seem to be either Cisco Router specific or MS box
specific. There are clues that point to both. In either case,
it’s not the data that I’m looking for.
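
For post-processing recorded frames as discussed in this thread, here is an added example (not code from any of the posts) that reads bytes 12-13 with ntohs() and applies the IEEE 802.3 rule that values up to 1500 are a payload length while values from 0x0600 up are an EtherType. The function, enum and sample frame names are hypothetical, the sample frames are constructed, and it assumes each record starts at the destination MAC address.

```c
#include <arpa/inet.h>   /* ntohs() */
#include <netinet/in.h>  /* IPPROTO_UDP */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum frame_kind { FRAME_TOO_SHORT, FRAME_8023_LENGTH, FRAME_UNDEFINED, FRAME_ETHERTYPE };

struct frame_info {
    enum frame_kind kind;
    uint16_t type_or_len;   /* bytes 12-13, converted to host order */
    int ip_proto;           /* IPv4 protocol number, or -1 if not applicable */
};

/* Constructed sample frames: only the bytes the classifier reads are set. */
static const uint8_t sample_8023[14] = { [12] = 0x00, [13] = 0x26 };
static const uint8_t sample_9000[14] = { [12] = 0x90, [13] = 0x00 };
static const uint8_t sample_udp[34]  = { [12] = 0x08, [13] = 0x00, [14] = 0x45, [23] = 0x11 };

struct frame_info classify_frame(const uint8_t *buf, size_t len)
{
    struct frame_info fi = { FRAME_TOO_SHORT, 0, -1 };
    uint16_t raw;

    if (len < 14)                        /* dst MAC + src MAC + type/length */
        return fi;
    memcpy(&raw, buf + 12, sizeof raw);  /* memcpy avoids an unaligned read */
    fi.type_or_len = ntohs(raw);         /* without this, 0x0023 reads as 0x2300 on x86 */

    if (fi.type_or_len <= 1500)
        fi.kind = FRAME_8023_LENGTH;     /* 802.3 length; an LLC header follows */
    else if (fi.type_or_len < 0x0600)
        fi.kind = FRAME_UNDEFINED;       /* 1501..1535 is neither length nor type */
    else
        fi.kind = FRAME_ETHERTYPE;

    /* IPv4 (0x0800): the protocol byte sits at offset 9 of the IP header. */
    if (fi.type_or_len == 0x0800 && len >= 14 + 20 && (buf[14] >> 4) == 4)
        fi.ip_proto = buf[14 + 9];
    return fi;
}

int main(void)
{
    struct frame_info fi = classify_frame(sample_udp, sizeof sample_udp);
    printf("field=0x%04X kind=%d ip_proto=%d\n", fi.type_or_len, (int)fi.kind, fi.ip_proto);
    return 0;
}
```

By this rule 0x0023, 0x0026, 0x004C and 0x015A are frame lengths rather than EtherTypes, so the protocol of those frames is identified by the LLC header that follows the length field.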