Wireshark-bugs: [Wireshark-bugs] [Bug 5244] Add Dissector for ERSPAN Type-III Header
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5244
--- Comment #16 from Jason Masker <jason@xxxxxxxxxx> 2010-09-24 08:46:57 PDT ---
Created an attachment (id=5212)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5212)
Capture for ERSPAN header comparison
Here is a sample capture to help with comparing the three different header
types I am seeing. (And also a wonderful example of why I love ERSPAN :D)
I set up 3 simultaneous captures of an ICMP echo & response stream. The capture
shows this repeated echo and response between two hosts, but you see each
packet 3 times. I set up the following:
On a Catalyst 6500:
Session 2
---------
Type : ERSPAN Source Session
Status : Admin Disabled
Source VLANs :
Both : 1254
Destination IP Address : 10.0.33.13
Destination ERSPAN ID : 111
Origin IP Address : 10.0.15.255
On a Nexus 1000v:
session 2
---------------
type : erspan-source
state : up
source intf :
rx : Veth21
tx : Veth21
both : Veth21
source VLANs :
rx :
tx :
both :
filter VLANs : filter not specified
destination IP : 10.0.33.13
ERSPAN ID : 222
ERSPAN TTL : 64
ERSPAN IP Prec. : 0
ERSPAN DSCP : 0
ERSPAN MTU : 1500
ERSPAN Header Type: 2
session 3
---------------
type : erspan-source
state : up
source intf :
rx : Veth21
tx : Veth21
both : Veth21
source VLANs :
rx :
tx :
both :
filter VLANs : filter not specified
destination IP : 10.0.33.13
ERSPAN ID : 333
ERSPAN TTL : 32
ERSPAN IP Prec. : 1
ERSPAN DSCP : 8
ERSPAN MTU : 1500
ERSPAN Header Type: 3
You can identify which packets are coming from which captures by the erspan id.
You will find all three vary slightly in the headers.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.