From 83aed00facb852b27419fde04afb4c59ac30d01f Mon Sep 17 00:00:00 2001
From: Guy Harris
Date: Fri, 28 Oct 2011 02:48:52 +0000
Subject: [PATCH] The version string field isn't followed by 20 bytes of stuff; the last 8 bytes of what we thought was a version string appears to be an 8-byte record of some sort in the captures we originally looked at, and appears to be a non-8-byte record in another capture. If we treat that as a record, the version string field appears to be null-padded and 41 bytes long. svn path=/trunk/; revision=39645
---
 wiretap/aethra.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/wiretap/aethra.c b/wiretap/aethra.c
index a4c89cfbc0..17818c5d5f 100644
--- a/wiretap/aethra.c
+++ b/wiretap/aethra.c
@@ -54,8 +54,7 @@ struct aethra_hdr {
 guint8 unknown5[8];
 guchar com_info[16]; /* COM port and speed, null-padded(?) */
 guint8 unknown6[107];
- guchar xxx_vers[29]; /* unknown version string (longer, null-padded?) */
- guint8 unknown7[20];
+ guchar xxx_vers[41]; /* unknown version string (longer, null-padded?) */
 };

 /* Aethra record header. Yes, the alignment is weird.
@@ -69,12 +68,22 @@ struct aethrarec_hdr {

 /*
 * Record types.
+ *
+ * XXX - is a record type of 0 used for anything other than "end of
+ * capture"? In at least one capture there's a record with a rec_type
+ * of 0, a timestamp of 0, and a flags value of 4, as well as a trailing
+ * record which is probably a "Stop Monitor" record with a rec_type of 0,
+ * a non-zero timestamp (not checked to see whether it gives the same
+ * time stamp as PC108 displays for the Stop Monitor record), and a
+ * flags value of 0.
 */
 #define AETHRA_STOP_MONITOR 0 /* end of capture */
 #define AETHRA_PACKET 1 /* packet */

 /*
 * Flags.
+ *
+ * XXX - what does this mean for AETHRA_STOP_MONITOR records?
 */
 #define AETHRA_U_TO_N 0x01
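Review bot: The comment on `xxx_vers` in the first hunk still reads "(longer, null-padded?)", although the commit message now gives the field as 41 bytes and null-padded, and it says nothing about termination. The field is a fixed-size array that is presumably filled straight from the capture file, so a file can occupy all 41 bytes without a NUL; I would record that on the declaration: `guchar xxx_vers[41]; /* unknown version string, null-padded; not guaranteed NUL-terminated */`. Dropping `unknown7[20]` also shortens the header by 8 bytes, so those bytes are presumably now read as a record header; the reading code is not in this diff, and it is worth confirming that it validates the record length it finds there before using it. The definition of `struct aethra_hdr` starts above the hunk.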