Wireshark · Ethereal-users: Re: [Ethereal-users] ethereal 0.10.12 + synclink / lapd / isis

[clay wispell <clay.wispell@xxxxxxxxxxxxxx>]

hello guy,

the link format from the omniber is really lapd (sonet section dcc). the 
driver from the card manufacturer does not support native lapd on layer 
2; the card is currently setup as cisco-hdlc. packet-isis.c has been 
modified to register the isis protocol by name and all is well:


 1   0.000000      Network -> User         LAPD S, func=RR, N(R)=59
 2   9.231336      Network -> User         ISIS P2P HELLO, System-ID: 
00e0.004f.af21
 3   9.991451      Network -> User         LAPD S, func=RR, N(R)=60
 4  10.431185      Network -> User         LAPD S, func=RR, N(R)=61
 5  10.437877 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]00e0.004f.af21[1d] -> 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]0000.0e64.925c[1d] COTP CC 
TPDU src-ref: 0x1401 dst-ref: 0x1401
 6  10.450576      Network -> User         LAPD S, func=RR, N(R)=62
 7  10.458710      Network -> User         LAPD S, func=RR, N(R)=63
 8  10.467170 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]00e0.004f.af21[1d] -> 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]0000.0e64.925c[1d] COTP AK 
TPDU (1) dst-ref: 0x1401
 9  10.546747 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]00e0.004f.af21[1d] -> 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]0000.0e64.925c[1d] ACSE
10  10.562910      Network -> User         LAPD S, func=RR, N(R)=64
11  10.631883      Network -> User         LAPD S, func=RR, N(R)=65
12  10.639348 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]00e0.004f.af21[1d] -> 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]0000.0e64.925c[1d] COTP AK 
TPDU (2) dst-ref: 0x1401
13  10.899767 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]00e0.004f.af21[1d] -> 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]0000.0e64.925c[1d] PRES Data 
transfer PDU
14  10.914565      Network -> User         LAPD S, func=RR, N(R)=66
15  11.033555 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]00e0.004f.af21[1d] -> 
[39|84:0f][80|00:00:00|00:00][00:00|00:00]0000.0e64.925c[1d] PRES Data 
transfer PDU
16  11.048487      Network -> User         LAPD S, func=RR, N(R)=67
17  13.989504      Network -> User         LAPD S, func=RR, N(R)=68
18  14.228583      Network -> User         ESIS IS HELLO
19  20.496730      Network -> User         LAPD S, func=RR, N(R)=69


thank you,

clay





Guy Harris wrote:

> clay wispell wrote:
>
> > i am capturing and decoding data from an agilent omniber captured 
> > from a microgate synclink card. packet-lapd.c has been modified so 
> > that the incoming data is decoded as lapd (native cisco-hdlc on layer 2)
>
>
> So what's the *actual* link-layer format on the wire?  Is it really 
> LAPD, or is it Cisco HDLC, or is it something else?
>
> > and so that any information packets are decoded based on the nlpid of 
> > the packet. clnp and esis work well (nlpid 0x81 and 0x82), however, 
> > isis (nlpid 0x83) causes a segmentation fault. it appears that the 
> > culprit is a null value returned here in packet-lapd.c
> >
> >    isis_handle = find_dissector("isis");
>
>
> The ISIS dissector doesn't register itself by name, so the 
> "find_dissector()" call fails.
>
> If you want to dissect the packet based on the NLPID, you should 
> probably make "dissect_osi()" (in packet-osi.c) register itself by 
> name, and call *that* dissector, so that it'll do all the work for you 
> (handling not only ISIS, but CLNP and ESIS).
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users