Using Wiresharks release 1.6.1, running on Windows 7. Wiresharks used to show protocol HTTP for a http packet. However, recently it cannot correctly show the protocol names, instead, it shows 0x0800 in the Protocol column. It seems Wiresharks cannot identify it is a http packet. The same problems happen to all the protocols above the IP layer. Reinstalled Wiresharks several times, got the same problem. Anything wrong? asked 08 Sep '11, 09:36  wfun |
2 Answers:
If it's showing 0x0800 in the Protocol column, it's not even identifying it as an IPv4 packet, which explains why it's not identifying anything above the IP layer. Try the "Enabled Protocols" item in the "Analyze" menu, and see whether there's a checkmark next to IPv4. If not, check that checkbox and click "OK", and see if that fixes the problem; if so, that means that, somehow, the IPv4 dissector got disabled. answered 08 Sep '11, 10:58  Guy Harris ♦♦ |
Nothing wrong, I would say: 0x0800 indicates the IP protocol in the protocol code field. answered 19 Aug '14, 02:43  Sophia |
In general, as far as I know: From IANA: Ethernet assigned numbers. IEEE: Registration authority.
Ethertype
0x0000 and 0x05DC = IEEE 802.3 length.
0x0600 = XEROX NS IDP.
0x0660 and 0x0661 = DLOG.
0x0800 = IP, Internet Protocol
0x0801 = X.75 Internet.
0x0802 = NBS Internet.
0x0803 = ECMA Internet.
0x0804 = Chaosnet.
0x0805 = X.25 Level 3.
0x0806 = ARP, Address Resolution Protocol.
0x0807 = XNS compatibility.
0x0808 = Frame Relay ARP.
0x8035 = DRARP, Dynamic RARP. RARP, Reverse Address Resolution Protocol.
0x80F3 = AARP, AppleTalk Address Resolution Protocol.
See: http://www.networksorcery.com/enp/protocol/802/ethertypes.htm
Well there is an RFC about it: 894