I spent all today interfacing to a ethernet chip and looking at packets....

Why the hell doesn't etherreal allow you to load a single packet as a binary dump?!

The text2pcap software is complete and utter junk that wouldn't take any input (binary->text using od.exe), even as specified in it's manpage.

I ended up having to write a small utility to dump the binary output as text that it liked, but I find it ever so amusing that I have to drop to a command line to run a batch file to get the packet into a format that it'll understand.

Most frustrating day ever. I still don't get how ARP doesn't end up with it's knickers in a twist when DHCP gets involved. (release address and allocate a new one).

I need a beer.

Ok, despite the fact that I think etherreal should be able to open a single binary packet, it proved very useful

I got ARP, ICMP (echo) & UDP all working nicely and with the tinyist amount of code, which is good enough for our application (abliet with my "stack" running on the PC through pcap with the card in promiscous mode)

Today will be fun

Ooh...thanks bitt. Actually I saw some of the gratuituous ARP packets today in ethereal and wondered what they were, but I've spent so much time reading RFC's my mind is going round the bend!

Actually, so much so that I couldn't figure out why I wasn't seeing a response to the DHCP discover packet I was sending, spent most of the afternoon trying to find out why.....

...only to finally remember that the network in my office is plugged into a switch not a hub, so I wouldn't see the response to the discover packet on ethereal on my PC! Obviously when I put a breakpoint on my UDP code the packet was coming back in....d'oh.

Taking in my little 4 port hub tomorrow so I can at least use ethereal to verify my packets and see the traffic flow!

No problem. That knowledge was hard-gained, let me tell you.