Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] [patch] Dissect cisco mst bpdu's (Subject was: Info on mst bpdu'

From: Sake Blok <sake@xxxxxxxxxx>
Date: Sun, 29 Oct 2006 20:46:47 +0100
Hi,

The attached file is a patch to packet-bpdu.c so that Wireshark is
able to dissect the Cisco MST BPDU's that I encountered last week.

Cheers,


Sake


On Sat, Oct 28, 2006 at 12:32:00AM +0200, Sake Blok wrote:
> Hi,
> 
> Yesterday I was troubleshooting a spanning-tree issue at a customer.
> The customer is running MST and I collected some BPDU's. Unfortunately
> these BPDU's are not properly decoded by Wireshark. In order to start
> writing my first (real) addition to Wireshark I downloaded the
> IEEE 802.1D-2004 and the IEEE 802.1Q-2003 and read though them (I added
> a link to IEEE 802.1Q-2003 to the Wiki page on STP).
> 
> To me it looks like the BPDU-packet layout described in that document
> is not the one I am seeing in my tracefile. First of all the 
> Configuration Identifier field (octet 39 of the BPDU) is not 0 as
> the IEEE document states, but seems to be the length of the MST extension
> data in de BPDU. Also the Extension data is formatted differently from the
> specs.
> 
> Does anyone know if the Cisco-implementation of MST is proprietary? Or is
> there maybe a standard that evolved after 2003? Any documentation on
> (cisco) MST BPDU's is welcome. Also if someone has some STP, RST and MST
> packets laying around in traces, please send them to me so when I write 
> a patch I can make sure I don't break things for other BPDU's :)
> 
> Cheers,
> 
> Sake
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev

Attachment: bpdu-patch.gz
Description: application/gunzip