I try to find it, but I can't. There is only RARP-request. asked 05 Dec '13, 05:11  DariaS |
One Answer:
Here we go As I did not have such a capture file and no working rarp daemon, I created the file with a Hex editor, according to RFC 903. It should be correct, at least Wireshark shows the reply correctly ;-)) Have fun! Regards answered 05 Dec '13, 08:13  Kurt Knochner ♦ edited 06 Dec '13, 05:04 |
Kurt, thank u very much for this file. But the reverse-ARP protocol in std of Ethernet II has code 0x8035. In your pcap it's ARP proto with needed opcode.
Try this: http://cloudshark.org/captures/085306acbc43
I just used a hex editor to replace 0x0800 with 0x8035. Seems to work in Wireshark and Cloudshark
Good find! You're right, I overlooked that, because the Wireshark ARP dissector registers both for ARP and RARP and thus it shows the frame correctly, even with the 'wrong' ethertype.
Anyway, I fixed the ethertype and edited my answer. The cloudshark link points to the corrected file now.
EDIT: @Jasper was a few minutes faster in starting the Hex editor :-))