Hi,
It looks like a problem with the dissector code. If
you disable SNMP as a protocol then Ethereal decodes
it as HSRP just fine. This is probably because the
SNMP dissector runs before HSRP dissector.
Now, looking at the source code both the packet-snmp
and packet-hsrp check udp.port which covers both
source/dest I believe. I think these should be changed
to udp.dstport to be more accurate if thats the
filters used in the source (probably other dissectors
have same problem). I'm not familar with the source
really but that looks to be a problem to me.
HTH, Erick
--- Alban ROCHETEAU <alban.rocheteau@xxxxxxxxxxxxx>
wrote:
>
> Hi!
>
> I'm a user of Etherreal and I have to face problems
> with the HSRP decoding.
>
> In fact, HSRP in my network is used by some
> switches. The particulary of
> that switch is the use of source port under 1024 in
> their HSRP frames. For
> instance, some switches uses port 161 (SNMP port) as
> source port for their
> HSRP frames. So, Ethereal decodes the frames as SNMP
> frames and not as HSRP
> frames as it should do (because of the destination
> port 1985).
>
> Is this normal and what can I do to bypass the
> problem
>
> I join and example of a capture in this mail
>
>
> Thanks for your response
>
> ----------------------------------------------
> Alban ROCHETEAU
> MMA - DI / ACT Réseaux & Télécoms
> 19-21 Rue Chanzy
> 72030 Le Mans Cedex 09
> tel: 02.43.41.20.37
> gsm: 06.85.67.35.10
>
> ATTACHMENT part 2 application/octet-stream
name=hsrp-trace
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
