socket sends unexpected extra word in UDP packet

Pierre Fortin pfortin at pfortin.com
Sun May 26 00:18:03 EDT 2002 

Chris,

Scratch this thread...  the more I dig, the more it looks like RH7.2
contains a buggy ethereal...  all packets (previously hidden by filters)
exhibit this trait...  :^P

Sorry for the intrusion.

Pierre

On 26 May 2002 01:25:52 +0200 Chris Liechti <cliechti at gmx.net> wrote:

> Pierre Fortin <pfortin at pfortin.com> wrote in
> news:20020525181034.42ffddb0.pfortin at pfortin.com: 
> > On 25 May 2002 23:32:42 +0200 Chris Liechti <cliechti at gmx.net> wrote:
> >> Pierre Fortin <pfortin at pfortin.com> wrote in 
> >> news:20020525170124.3b2d7755.pfortin at pfortin.com:
> >> > I created a simple UDP script which does not work with some remote
> >> > hosts...  the only difference I can find is that the packet start
> >> > looks like this:
> >> > 
> >> >   MACdst, MACsrc, 0x0000, 0x0800, 0x45...
> >> >                   ^^^^^^  This is extra.
> >> > 
> >> > Some systems seem to ignore the extra 0x0000; but my customer's
> >> > server doesn't...  At this point, I don't
> >> > know precisely what OS the server is running.
> >> > 
> >> > I can have a fix tested if someone has a patch...  I'm not
> >> > comfortable with the socketmodule.c source; but I'm hunting for the
> >> > bug in the meanwhile...
> >> 
> >> it would help when you could post some small script that shows you
> >> problem. not many people will come up with their own test script but
> >> if you post one many people could verify your results and code and
> >> give you some specific advice (or even guess the unknown OS :-).
> > 
> > Sorry...  I assumed that the problem was a generic bug...  the script
> > sends fine from my Mandrake8.2 system (I'm in NC, USA); but sends the
> > extra 0x0000 from a RedHat7.2 system (in India)...  
> > 
> > Besides, s.sendto() does not give the user access to those parts of
> > the packet; just the target host/port and the data payload...  not an
> > excuse for not including, just my thinking... :^)
> 
> these extra bytes seem to be in the ethernet level. thats a problem of
> the OS and not of python.
> 
> do you capture the frames from india localy there or at your place? when
> 

The user in India runs ethereal while running the script.

> you capture those frames on you local net from outside, then it could be
> 
> your router that causes the problem (as ethernet level info does not
> leave your local network, only IP level and above)

No router involved...  this is trace of packet leaving on local NIC.

> > The following script sends correctly from my system; I'll have it
> > tried in India...
> > 
> > #!/usr/bin/env python
> > import socket
> > s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
> > s.sendto("Hello World",('1.2.3.4',1234))
> > 
> > Sends:
> > 
> > 0000  00 20 78 c9 e1 1a 00 01  02 e8 d8 8d*08 00 45 00
> > 0010  00 27 00 00 40 00 40 11  74 b4 c0 a8 01 64 01 02
> > 0020  03 04 80 7f 04 d2 00 13  62 96 48 65 6c 6c 6f 20
> > 0030  57 6f 72 6c 64                            
> 
> grr, copy&paste does not work in the hex view of ethereal on win32 :-(
> but i get the same (except the MACs of course)

Select with left-mouse, paste with middle-mouse...  oh yeah!  probably no
middle-mouse on W*...  :^)

> > On the RedHat7.2 system, Python 2.2.1 was not included (1.5.2), so it
> > was built from the tarball.  That system gives this on every packet of
> > the production script (won't know the results of the above test script
> > for a day or two...):
> > 
> > 0000  00 04 00 01 00 06 00 02  44 16 3a 46 00 00 08 00
> > 0010  45 00 ....                           ^^^^^
> 
> that should be the type, if its an Ethernet II frame but the 802.3
> Ethernet has a length field there (at least when i interpret this page: 
> 
> http://www.rware.demon.co.uk/ethernet.htm)

Right...  notice the type (0800), IPv4 (4) and length (5) are all shifted
right...

> looks to me as if there were a problem with the ethernet protocol
> version
>
> > [Aside: if you're wondering about the weird dst MAC address, ethereal
> > replaces it with:
> >    Linux cooked capture
> >         Packet type: Sent by us (4)
> >         Link-layer address type: 1
> >         Link-layer address length: 6
> >]

Pierre

More information about the Python-list mailing list