I am trying to import below ICMP6 destination unreachable packet in hex dump into Wireshark but it keeps stripping last byte (34) here and then indicate checksum is invalid. I tried remove '34' and re-import again, in that case '4e' would be stripped instead... This is a Raw IPv6 packet and I imported it with below setting: Offsets: hexadecimal Encapsulation type: Raw IPv6 I tried import an ICMPv4 destination unreachable packet and it worked fine. I am wondering if I am missing something here ? Any idea is well appreciated! thanks! 0000 60 00 00 00 00 24 3a 7c 00 00 00 00 00 00 00 00 asked 15 Jan '15, 15:02  Gallon edited 15 Jan '15, 15:04 |
One Answer:
This function is derived from text2pcap, and Text2pcap understands a hexdump of the form generated by od -Ax -tx1 -v. In other words, each byte is individually displayed and surrounded with a space. It that 'surrounded with a space' that's tripping you up. Add a trailing space and you should be fine. answered 16 Jan '15, 07:12  Jaap ♦ thanks. That helps! (16 Jan '15, 09:41) Gallon As indicated, the trunk's "import from a text file" doesn't require the trailing space; the trunk's text2pcap doesn't, either. The requirement for a trailing space was a bug, and was apparently fixed at some point. I've updated the text2pcap man page to reflect that. (16 Jan '15, 10:42) Guy Harris ♦♦ |
What version of wireshark do you use? It sounds like an old bug
...and if it's an old bug, there's no reason to submit it on the Wireshark Bugzilla.
I can't reproduce this with the version of Wireshark on the tip of the main branch, so this might be an old bug.
(By the way, why does an ICMPv6 Destination Unreachable packet have an IPv4 packet as the packet sent to the unreachable destination?)