Re: (ASCEND) wddi Debug Data Format

To: Ascend Users <ascend-users@bungi.com>
Subject: Re: (ASCEND) wddi Debug Data Format
From: Andre Beck <beck@ibh-dd.de>
Date: Mon, 10 Nov 1997 11:37:32 +0100
In-Reply-To: <199711071734.JAA08152@scruz.net>; from Rylan Luke on Fri, Nov 07, 1997 at 09:34:03AM +0000
Organization: IBH Prof. Dr. Horn GmbH - Xlink PoP Dresden
References: <199711071734.JAA08152@scruz.net>
Sender: owner-ascend-users@max.bungi.com

On Fri, Nov 07, 1997 at 09:34:03AM +0000, Rylan Luke wrote:
> I am attempting to find a logon burp under NT 4 which causes my 
> Pipeline 75 to dial out.
> 
> Using wddi from Diagnostics, I get a hex dump of the packet which 
> causes the dialout.
> 
> I was promised a faxed document from Ascend Tech support which 
> explains what kind of data I am looking at... it never arrived.
> 
> Here is the data from wddi; is this an IP packet?
> 
>  [0000]: 00 C0 7B 63 B1 1E 00 80 C8 86 26 F6 08 00 45 00
>  [0010]: 00 3C E9 05 00 00 1F 01 E5 BF C0 A8 64 66 A5 E3
>  [0020]: 02 0A 08 00 25 5C 01 00 27 00 61 62 63 64 65 66
>  [0030]: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72
> 
> I also looked on Ascend's web site, and couldn't find any documents 
> explaining this command, or the data format.
> 
> Is there such a document; is this just a standard packet that I can 
> use an RFC to decode?

It is simply a straight hexdump of a layer 2 frame, i.e. ethernet.
It is Ethernet_II and from the protocol id 0800 you can be sure it
indeed is IP. IP starts at offset 14 and is (as beeing IPv4) easily
detetcted with the first nibble of a byte beeing 4 (and in most cases
the whole byte beeing 45 due to normal [i.e. optionless] IP headers
having 5 longwords). The rest can be analyzed if you have RFC 791, 792
handy or with a nice little program that Phillip Vandry <vandry@Mlink.NET>
posted to this list a while ago (http://www.mlink.net/~vandry/hex2ppp.html):

beck@micky:~ > hex2ppp/hex2ppp 
 [0000]: 00 C0 7B 63 B1 1E 00 80 C8 86 26 F6 08 00 45 00
 [0010]: 00 3C E9 05 00 00 1F 01 E5 BF C0 A8 64 66 A5 E3
 [0020]: 02 0A 08 00 25 5C 01 00 27 00 61 62 63 64 65 66
 [0030]: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 
00c07b63b11e0080c88626f60800 IPv4 <len=3c> <id=e905> <ttl 31> ICMP 192.168.100.102 --> 165.227.2.10 EchoRequest <code=0> <sum=255c> <id=256> <seq=9984> 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72
^D

Yeah, normal ICMP echo request (i.e. ping) from 192.168.100.102 to
165.227.2.10 and likely to cause a dialout.

Andre.
-- 

Kanther-Line: PGP SSH IDEA MD5 GOST RIPE-MD160 3DES RSA FEAL32 RC4

+-o-+--------------------------------------------------------+-o-+
| o |               \\\- Brain Inside -///                   | o |
| o |                   ^^^^^^^^^^^^^^                       | o |
| o | Andre' Beck (ABPSoft) beck@ibh-dd.de XLink PoP Dresden | o |
+-o-+--------------------------------------------------------+-o-+
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Follow-Ups:

Re: (ASCEND) wddi Debug Data Format

From: Larry Young <larry@zedak.com>

References:

(ASCEND) wddi Debug Data Format

From: "Rylan Luke" <rylan@rymar.com>

Prev by Date: Re: (ASCEND) wddi Debug Data Format
Next by Date: (ASCEND) Pipeline 50 Config Question
Prev by thread: Re: (ASCEND) wddi Debug Data Format
Next by thread: Re: (ASCEND) wddi Debug Data Format
Index(es):
- Main
- Thread