Ethereal-dev: Re: [Ethereal-dev] New dissector: packet-retix-bpdu.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 03 Mar 2005 00:39:15 -0800
Guy Harris wrote:

Or perhaps 3Com's old SMB-over-XNS. I think 0x80 as an LSAP is assigned to 3Com.

That appears to be what it is. I've added a dissector for what appears to be 3Com's scheme for encapsulating XNS over Token Ring (and other protocols using 802.2 LLC), where an LSAP of 0x80 is used for that, and the first two bytes of the payload appear to be an Ethernet type.

It checks for a type of 0x0004 and calls the Retix BPDU dissector for those (perhaps Retix hijacked that LSAP or got permission to use it for their spanning tree protocol). Try it with captures you have and see if it misses any - perhaps it needs to check for non-Ethernet-type values there.

(I also have a reasonably recent 802.11 capture from somebody that has packets with a DSAP of 0x80 and mysterious random stuff in the payload.)

I also added initial dissectors for XNS's IDP and SPP, derived from the Netware IPX and SPX dissectors (the latter protocols were derived from the former).
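
The dispatch described in the message, as an added stand-alone C example (not Ethereal's dissector code and not part of the original message). It assumes the two-byte type is big-endian and that values below 0x0600 are not Ethernet types; the function, enum and array names and the sample PDUs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LSAP_3COM       0x80   /* LSAP the message attributes to 3Com */
#define TYPE_RETIX_BPDU 0x0004 /* type the message routes to the Retix BPDU dissector */
#define ETHERTYPE_MIN   0x0600 /* smallest valid Ethernet type (also XNS IDP) */

enum llc80_kind { LLC80_TRUNCATED, LLC80_NOT_3COM, LLC80_RETIX_BPDU,
                  LLC80_ETHERTYPE, LLC80_UNKNOWN };

/* Classify an 802.2 LLC PDU (starting at the DSAP byte). On any result other
 * than TRUNCATED or NOT_3COM, *type holds the two-byte type (assumed
 * big-endian) and *payload_off the offset of the data that follows it. */
enum llc80_kind classify_llc80(const uint8_t *buf, size_t len,
                               uint16_t *type, size_t *payload_off)
{
    if (len < 3)                       /* need DSAP, SSAP, first control byte */
        return LLC80_TRUNCATED;
    if (buf[0] != LSAP_3COM)
        return LLC80_NOT_3COM;
    /* U-format control fields (low two bits set) are 1 byte, I/S are 2. */
    size_t off = 2 + (((buf[2] & 0x03) == 0x03) ? 1 : 2);
    if (len < off + 2)                 /* never read a type that is not there */
        return LLC80_TRUNCATED;
    *type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    *payload_off = off + 2;
    if (*type == TYPE_RETIX_BPDU)
        return LLC80_RETIX_BPDU;
    /* Anything else below 0x0600 is not an Ethernet type: report, don't guess. */
    return (*type >= ETHERTYPE_MIN) ? LLC80_ETHERTYPE : LLC80_UNKNOWN;
}

/* Constructed sample PDUs (not taken from any capture). */
static const uint8_t pdu_retix[] = { 0x80, 0x80, 0x03, 0x00, 0x04, 0x01, 0x02 };
static const uint8_t pdu_idp[]   = { 0x80, 0x80, 0x03, 0x06, 0x00, 0xff, 0xff };
static const uint8_t pdu_odd[]   = { 0x80, 0x12, 0x03, 0x01, 0x37, 0x9c };
static const uint8_t pdu_short[] = { 0x80, 0x80, 0x03, 0x00 };

int main(void)
{
    uint16_t type = 0; size_t off = 0;
    printf("retix=%d idp=%d odd=%d short=%d\n",
           classify_llc80(pdu_retix, sizeof pdu_retix, &type, &off),
           classify_llc80(pdu_idp, sizeof pdu_idp, &type, &off),
           classify_llc80(pdu_odd, sizeof pdu_odd, &type, &off),
           classify_llc80(pdu_short, sizeof pdu_short, &type, &off));
    return 0;
}
```

The `LLC80_UNKNOWN` result corresponds to the case the message raises: a DSAP of 0x80 whose first two payload bytes are neither 0x0004 nor an Ethernet type.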