I am creating IP packets and sending them over Ethernet. I am using the jpcap library for it. When I analyze the packet using Wireshark, it shows the protocol as eth:ip:ip, i.e. two IP headers followed by the data. So some of my data following the 1st IP header is treated as a header itself!! This is creating a lot of trouble. This is bizarre, and I am not able to understand the reason behind it. Does it have anything to do with a Wireshark setting, or the jpcap library??

asked 26 Nov '13, 00:13 mohit93
2 Answers:
If you look at the line below the marked one (blue), you will see that the IP protocol type is 'IP in IP'. That's the reason why Wireshark shows two IP headers. If that was not your intention, why did you choose protocol type 0x04 (IP in IP)? If you want TCP (protocol 0x06) or UDP (protocol 0x11) then please choose the right protocol in your IP header. Maybe you just misinterpreted that field as IP protocol version and thus you chose the value of 4.

Regards

answered 26 Nov '13, 03:43 Kurt Knochner ♦ edited 26 Nov '13, 04:04

@Kurt: Thanks for pointing that out. So, the protocol field decides which higher-level protocol uses this IP header. But I just want to send this IP packet over Ethernet. No other protocol should encapsulate it. So, what should I set my protocol number as?? (26 Nov '13, 03:53) mohit93
yes.
Try 255, as that value is officially reserved and I guess Wireshark will not dissect it in any way. If that does not work, try other values from the link above, like 253 or 254 (for testing and experimenting) or any value from the range (143-252 -> UNASSIGNED).

Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).

Regards (26 Nov '13, 04:02) Kurt Knochner ♦

@Kurt: Thanks for the great help. With 255, Wireshark is not dissecting it, so I can see my data alright. Just one more doubt: This reserved protocol number won't affect its transmission over Ethernet, and I can read the packet as it is on the other end? Do all the packets in the network need to have one of these standard protocol numbers? Aren't there any simple IP packets in the network, which are not used by any other layer? (26 Nov '13, 04:18) mohit93
Well, I cannot guarantee that, as it obviously depends on the device that handles your IP packet. A switch will not care, neither will a router. However, a firewall might decide to drop the frame for several reasons (firmware, configuration, etc.).
No, you don't have to choose one of the standard protocol numbers. You are free to choose whatever is appropriate for your protocol. However: firewalls will certainly only allow what they know and that's mostly the standard protocols, while most of the firewalls I know of can be configured to allow whatever you want.
Not that I know of, because the idea of IP is to be a transport mechanism (routing) for the payload (data) of higher layer protocols. Please work through the TCP/IP guide. It will explain some of those TCP/IP basics. Or read the classic book, TCP/IP Illustrated Volume 1.
(26 Nov '13, 04:29) Kurt Knochner ♦

Thanks for the great help! It is an FPGA on the other side, so I don't think there will be any firewall issues! Thanks again! (26 Nov '13, 04:38) mohit93
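
The behaviour explained in the answer above, as an added example that is not part of the original thread and is not Wireshark or jpcap code: a simplified Python model of a dissector chain that picks each next layer from the IPv4 protocol field. The MAC addresses, IP addresses and payload are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

# IANA protocol numbers named in the thread; any other value is left as raw data.
NEXT_LAYER = {4: "ip", 6: "tcp", 17: "udp"}
SAMPLE_PAYLOAD = bytes(range(1, 33))  # constructed 32-byte application payload

def checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(protocol: int, payload: bytes) -> bytes:
    """Ethernet II + 20-byte IPv4 header + payload; MACs and IPs are constructed."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           protocol, csum, socket.inet_aton("192.0.2.1"),
                           socket.inet_aton("192.0.2.2"))
    return eth + header(checksum(header(0))) + payload

def protocols_in_frame(frame: bytes) -> str:
    """Pick each next layer from the IPv4 protocol field (byte 9 of the header)."""
    layers, offset = ["eth"], 14
    layer = "ip" if frame[12:14] == b"\x08\x00" else "data"
    while layer == "ip":
        layers.append("ip")              # the IP parser claims these bytes
        hdr = frame[offset:offset + 20]
        ihl = (hdr[0] & 0x0F) * 4 if hdr else 0
        if len(hdr) < 20 or hdr[0] >> 4 != 4 or ihl < 20:
            return ":".join(layers)      # payload bytes are not a real IP header
        layer = NEXT_LAYER.get(hdr[9], "data")
        offset += ihl
    layers.append(layer)
    return ":".join(layers)

if __name__ == "__main__":
    for proto in (4, 17, 253, 255):
        print(proto, protocols_in_frame(build_frame(proto, SAMPLE_PAYLOAD)))
```

With protocol 4 the first payload bytes are handed to the IP parser again, which reproduces the eth:ip:ip chain from the question; 253 and 255 leave the payload as undissected data.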
Wireshark doesn't make things up (it may annotate captures with such things as sequence analysis), it shows what has been captured.

answered 26 Nov '13, 01:48 grahamb ♦
Please post a sample capture file somewhere (Google Drive, Dropbox, cloudshark.org, mega.co.nz)
This is the link for the wireshark capture. Notice the top line: Protocols in frame[eth:ip:ip] https://drive.google.com/file/d/0BzzMYblB9rVPajNhbGRIcTlxdFE/edit?usp=sharing