[prev in list] [next in list] [prev in thread] [next in thread]
List: tcpdump-workers
Subject: Re: [tcpdump-workers] print-gre.c: 0x00fe for is-is
From: Hannes Gredler <hannes () juniper ! net>
Date: 2002-10-31 7:21:42
[Download RAW message or body]
On Thu, Oct 31, 2002 at 04:24:09AM +0900, Jun-ichiro itojun Hagino wrote:
| question: which standard dictates that 0xfefe is for is-is on GRE?
none that i am aware of;
people been at cisco have, an interesting story to tell about the whole
IS-IS encapsulation using ethertype codes.
as you may know cisco is using 2-byte protocol discriminators for
CHDLC - the common belief is that ethertype values are inserted
here. the interesting thing sbout IS-IS that there is no
ethertype for IS-IS as it always runs over LLC using the
OSI DSAP and SSAP of FEFE; so born was teh pseudoethertype
for IS-IS;
because there was a harware design flaw in their SSE (silicon switch engine)
in their ancient 7000 routers [there was a padding/alignment
issue] a fudge byte [ 00 ] had to be inserted;
so the first two bytes look like 00FE; and this is what you
can see today in packetdumps;
(08:11 hannes@ghostrider:~/tcpdump) ./tcpdump -n -r ~/gre2.jtcpdump -x | grep -A 5 "08:02:39.756553"
08:02:39.756553 IP 172.26.26.193 > 172.26.26.170: OSI IS-IS, p2p IIH, length: 48 (DF)
4500 0048 0000 4000 402f ace7 ac1a 1ac1
ac1a 1aaa 0000 00fe 8314 0100 1101 0000
----------------------------------------^^^^
0200 1000 0000 0400 1b00 3001 f005 0200
0000 0a81 02cc 8e84 04c0 a801 0201 0403
4900 02d3 0300 0000
-- just realized that i am not catching 00FE but rather FEFE - thats a mistake
i already have corrected it;
thanks,
/hannes
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic