Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] FC Protocol ??

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Daniel Koepke" <dkoepke@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Jan 2008 13:00:24 -0600
Sorry for the delay, was pulled in different directions

Here is a sample of the scan taken today
At this site there is Cisco network equipment, 1 Netware server, network printers, and windows XP workstations. 

All on TCPIP no IPX and a single VLAN

Any input would be appreciated

Thanks
Dan
----- Original Message ----- From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx> To: "Daniel Koepke" <dkoepke@xxxxxxxxxxxxxxxxxxx>; "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> 
Sent: Friday, November 30, 2007 4:35 PM
Subject: Re: [Wireshark-users] FC Protocol ??



Fibre channel is a SAN protocol so it would be very likely that it
would consume a lot of bandwidth.
I.e. it is used to (primarily) act as a transport for SCSI


Normally you would not see FC on the same segment as you would have
ordinary traffic but rather only on dedicated networks in the data
centre, unless someone
has configured their switches incorrectly.

Fibre channel can be transported ontop of ethernet in several ways :
FCoE   fibre channel over ethernet, this is a very new draft standard
though so it might be unlikely wou have encountered it.
iFCP and FCIP which maps ficre channel over ip

There is also a proprietary version of iFCP that is called mFCP but it
wont be that protocol since wireshark doesnt implement it yet.


Try looking for any frames containing a fibre channel world-wide-name.
This wwn will/can at least tell you the vendor name for the
equipment.


On Dec 1, 2007 6:47 AM, Daniel Koepke <dkoepke@xxxxxxxxxxxxxxxxxxx> wrote:



Hi;

I was scanning a school segment and discovered a use of FC protocol being
used. I do not see this used in any of the other schools and appears to be using a lot of bandwidth. I tried to track down the MAC Address within the Cisco switches using ARP and MAC Address tables (show mac-address dynamic ) 
but unable to see where the MAC address is used.

My questions are

Is the MAC address in the scan validate or is it transposed or deciphered
correctly
Can the FC protocal be run over ethernet or how should I view these scans

I have copied a section of the scan for review.

Thanks
Dan








_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Attachment: BH Scan 080129.cap
Description: Binary data

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube