I did a capture of a piece of software on my laptop loading firmware to a device. The packets look like this in list view:
687 53.047211 Dell_cb:f1:96 MegaSyst_01:b5:cf 0x4d45 Ethernet II
The source (Dell..) is my laptop and the dest (Mega...) is the device. The protocol is showing up as 0x4d45 (Unknown) and the type is showing up as Ethernet II.
I spoke to a friend who said that sometimes their gear shows up incorrectly in Wireshark as well.
So, my question(s) are:
If the traffic is really carried as TCP port 80, but using 0x4d45 instead of 0x0800 for the ethertype on IP, then it sounds like an attempt at security by obscurity. But the vendor should have told you that!
answered 01 Jan '11, 18:59
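One way to test the hypothesis in the answer above, as an added example that is not part of the original thread: strip the Ethernet II header and check whether the bytes after the unknown ethertype form a valid IPv4 header (version, lengths and header checksum), then read the TCP ports. The function names are hypothetical, and the MAC addresses, IP addresses and ports in the sample frames are constructed, not taken from the capture.

```python
import socket
import struct

def _fold(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def probe_ipv4(frame: bytes):
    """Return (ethertype, info); info is None unless the payload is valid IPv4."""
    if len(frame) < 14 + 20:
        return None, None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    # Version 4, sane lengths and a verifying header checksum together
    # make an accidental match on non-IP data very unlikely.
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        return ethertype, None
    if _fold(ip[:ihl]) != 0xFFFF:
        return ethertype, None
    info = {"proto": ip[9], "src": socket.inet_ntoa(ip[12:16]),
            "dst": socket.inet_ntoa(ip[16:20])}
    if ip[9] == 6 and total_len >= ihl + 4:  # TCP: read the port pair
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return ethertype, info

def build_sample(ethertype: int, payload: bytes) -> bytes:
    """Constructed frame: made-up locally administered MACs, not from the capture."""
    return bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + \
        struct.pack("!H", ethertype) + payload

def build_ipv4_tcp(sport: int, dport: int) -> bytes:
    """Constructed 20-byte IPv4 header plus 20-byte TCP header (SYN)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                      socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    hdr = hdr[:10] + struct.pack("!H", 0xFFFF - _fold(hdr)) + hdr[12:]
    return hdr + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

HIDDEN_IP = build_sample(0x4D45, build_ipv4_tcp(49152, 80))  # IPv4 under 0x4d45
NOT_IP = build_sample(0x4D45, b"\x01\x02" * 20)              # same ethertype, no IP

if __name__ == "__main__":
    for name, frame in (("hidden-ip", HIDDEN_IP), ("not-ip", NOT_IP)):
        print(name, probe_ipv4(frame))
```

If the probe returns `None` for the real frames, the payload is not plain IPv4 under a relabelled ethertype and the protocol is more likely a proprietary layer-2 format.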