Document ethernet padding with -x #1

Closed
guyharris opened this issue Apr 16, 2013 · 3 comments
@guyharris
Member

Converted from SourceForge issue 559168, submitted by nobody

While playing around with both tcpdump 3.7.1 and tcpdump 3.6
I believe I have found a bug with the representation of Ethernet
trailer information within an IP packet information.

I have sent an ICMP Timestamp request to a destination host
and with the reply I saw weird padding at the end of the packet:

13:16:23.010811 10.50.1.63 > 10.50.1.211: icmp: time stamp
query id 40973 seq 0 (ttl 255, id 13170, len 40)
4500 0028 3372 0000 ff01 70ed 0a32 013f
0a32 01d3 0d00 226f a00d 0000 02a2 2de1
0000 0000 0000 0000 0000 0000 0000
13:16:23.011395 10.50.1.211 > 10.50.1.63: icmp: time stamp
reply id 40973 seq 0 : org 0x2a22de1 recv 0x2a6c8c9 xmit
0x2a6c8c9 (DF) (ttl 255, id 42448, len 40)
4500 0028 a5d0 4000 ff01 be8e 0a32 01d3
0a32 013f 0e00 8a8f a00d 0000 02a2 2de1
02a6 c8c9 02a6 c8c9 5555 5555 5555

As you can see there are 6 bytes added at the end of the ICMP
Timestamp reply, just after the transmit timestamp information
(5555 5555 5555).

You can also see the same thing with the ICMP Timestamp
request I have sent. In this case the padded trailer was 0000
0000 0000.

Using ethereal (which also displays this at the end of the IP
packet...) I was able to track the padded information to be the
Ethernet Trailer.

Thank you
Ofir Arkin
ofir@sys-security.com

@guyharris
Member Author

Submitted by fenner

Logged In: YES
user_id=109593

tcpdump captures the packets as they appear on the wire;
while -x does strip off the link-layer header it does not
strip off the trailer, so you are seeing the expected behavior.
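
Added example (not part of the original thread or of tcpdump's code): the check below uses the IPv4 total-length field to separate the datagram from the Ethernet trailer in the two `-x` dumps quoted in the report. The function names are hypothetical, and the 46-byte minimum Ethernet payload is an assumption about untagged Ethernet rather than something stated in the thread.

```python
# Constructed input: the two hex dumps quoted in the report (tcpdump -x output,
# link-layer header already stripped by tcpdump).
REQUEST_HEX = """
4500 0028 3372 0000 ff01 70ed 0a32 013f
0a32 01d3 0d00 226f a00d 0000 02a2 2de1
0000 0000 0000 0000 0000 0000 0000
"""
REPLY_HEX = """
4500 0028 a5d0 4000 ff01 be8e 0a32 01d3
0a32 013f 0e00 8a8f a00d 0000 02a2 2de1
02a6 c8c9 02a6 c8c9 5555 5555 5555
"""

# Assumption (not from the thread): untagged Ethernet, whose minimum payload is
# 46 bytes (60-byte frame without FCS, minus the 14-byte header).
ETH_MIN_PAYLOAD = 46


def parse_hex_dump(text):
    """Turn the whitespace-separated hex groups printed by -x into bytes."""
    return bytes.fromhex("".join(text.split()))


def split_ip_trailer(captured):
    """Return (ip_datagram, trailer) using the IPv4 total-length field."""
    if len(captured) < 20 or captured[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    header_len = (captured[0] & 0x0F) * 4
    total_len = int.from_bytes(captured[2:4], "big")
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    if total_len > len(captured):
        raise ValueError("capture truncated before end of datagram")
    return captured[:total_len], captured[total_len:]


def expected_padding(total_len):
    """Bytes the sender must add to reach the minimum Ethernet payload."""
    return max(0, ETH_MIN_PAYLOAD - total_len)


if __name__ == "__main__":
    for name, dump in (("request", REQUEST_HEX), ("reply", REPLY_HEX)):
        datagram, trailer = split_ip_trailer(parse_hex_dump(dump))
        print(name, "ip_len", len(datagram), "trailer", trailer.hex(),
              "expected_pad", expected_padding(len(datagram)))
```

Both dumps carry a 40-byte datagram followed by 6 trailer bytes, which is the amount needed to reach the 46-byte minimum payload.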

@guyharris
Member Author

Submitted by fenner

The documentation is not particularly strong on this
point; it's probably worth updating the man page.

@guyharris
Member Author

Submitted by fenner

man page updated, in HEAD and in 3.7 branch.

infrastation added a commit that referenced this issue Oct 8, 2016
This should resolve a Coverity warning:

CID 702208 (#1 of 1): Uninitialized scalar variable (UNINIT)
2. uninit_use_in_call: Using uninitialized element of array
"l2info.cookie" when calling "juniper_parse_header"
fxlb added a commit to fxlb/tcpdump that referenced this issue Jun 14, 2020
The error was:
reading from file bgp-rt-prefix.pcap, link-type EN10MB (Ethernet), snapshot
length 262144
==22310==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7daf9a in decode_rt_routing_info print-bgp.c:1040:5
    the-tcpdump-group#1 0x7d52aa in bgp_nlri_print print-bgp.c:1810:27
[...]

SUMMARY: MemorySanitizer: use-of-uninitialized-value print-bgp.c:1040:5
in decode_rt_routing_info
fxlb added a commit that referenced this issue Jan 16, 2023
This change should fix the following Coverity Scan issues:

CID 1397795 (#1 of 1): Unused value (UNUSED_VALUE)
assigned_pointer: Assigning value from tlv_tptr + 4UL to tlv_tptr here,
but that stored value is overwritten before it can be used.

CID 1397796 (#1 of 1): Unused value (UNUSED_VALUE)
assigned_value: Assigning value from tlv_tlen - 4UL to tlv_tlen here,
but that stored value is overwritten before it can be used.
fxlb added a commit to fxlb/tcpdump that referenced this issue Jan 16, 2023
This change should fix the following Coverity Scan issues:

CID 1397795 (the-tcpdump-group#1 of 1): Unused value (UNUSED_VALUE)
assigned_pointer: Assigning value from tlv_tptr + 4UL to tlv_tptr here,
but that stored value is overwritten before it can be used.

CID 1397796 (the-tcpdump-group#1 of 1): Unused value (UNUSED_VALUE)
assigned_value: Assigning value from tlv_tlen - 4UL to tlv_tlen here,
but that stored value is overwritten before it can be used.

(cherry picked from commit 98145e4)