Wireshark · Wireshark-users: Re: [Wireshark-users] IPv6 Interface

["Michael Margulies" <mmargulies@xxxxxxxx>]

> What type of interface is it?  It won't matter if it is running IPv4, 
> IPv6, something else or nothing when it comes to showing up in the 
> capture interface window.  Does the interface show up at all?

Yes, sorry for not being specific, the physical interface is ethernet.
The ethernet card always shows up in the capture interface dialog box.
When the tcp/ipv4 stack is enabled, the ipv4 ip address for my laptop is
shown. When the tcp/ipv4 stack is disabled, but the tcp/ipv6 is enabled,
the ip address is listed as unknown. I'm interpreting this as Wireshark
not recognizing the ipv6 interface for some reason. I've done a fair
amount of digging, and am currently stumped.

Thanks,
Mike

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Friday, March 06, 2009 12:00 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 34, Issue 17

Send Wireshark-users mailing list submissions to
	wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
	wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
	wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. IPv6 Interface (Michael Margulies)
   2. Re: IPv6 Interface (Stephen Fisher)
   3. Re: Detecting protocol headers (Guy Harris)


----------------------------------------------------------------------

Message: 1
Date: Fri, 6 Mar 2009 10:35:39 -0800
From: "Michael Margulies" <mmargulies@xxxxxxxx>
Subject: [Wireshark-users] IPv6 Interface
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<638C4CD754F8E240A80E19F8934C8A60389FD6@xxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Folks:

 

I'm trying to use Wireshark v1.0.6 on a Windows XP Pro (w/sp3) machine
to debug an embedded TCP/IPv6 stack, and I'm having a hard time getting
my laptop's IPv6 interface to show up in the capture interface dialog
box, and as a consequence I can't capture any IPv6 traffic.

 

I know the IPv6 interface is functional because I've used the ipv6 if
command at the command prompt to get the interface specifics for the
local area connection, and I can successfully use ping6 to do a loopback
test. In addition, I used the local area connections dialog box to try
and disable the tcp/ipv4 stack on my laptop to try and force Wireshark
to recognize the IPv6 interface. Any help would be appreciated.

 

Thanks,

Mike M

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20090306/c43c
0cc8/attachment.html 

------------------------------

Message: 2
Date: Fri, 6 Mar 2009 11:49:56 -0700
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] IPv6 Interface
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <20090306184956.GA72267@xxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Fri, Mar 06, 2009 at 10:35:39AM -0800, Michael Margulies wrote:

> I'm trying to use Wireshark v1.0.6 on a Windows XP Pro (w/sp3) machine

> to debug an embedded TCP/IPv6 stack, and I'm having a hard time 
> getting my laptop's IPv6 interface to show up in the capture interface

> dialog box, and as a consequence I can't capture any IPv6 traffic.

What type of interface is it?  It won't matter if it is running IPv4, 
IPv6, something else or nothing when it comes to showing up in the 
capture interface window.  Does the interface show up at all?


Steve


------------------------------

Message: 3
Date: Fri, 6 Mar 2009 10:55:21 -0800
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Detecting protocol headers
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <0BD8B3E1-C8BA-4891-A054-F237DDF0CA1F@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Mar 6, 2009, at 10:08 AM, Stephen Fisher wrote:

> Take a look at epan/dissectors/packet-udp.c in the source code.  In
> particular, the decode_udp_ports() function.  The UDP dissector  
> follows
> the general method for finding the next dissector to call.  In the  
> case
> of UDP, it uses the port number to find which dissector(s) has
> registered itself on that udp port and then calls it.  If there is  
> more
> than one, it is expected that each one will do a heuristic check of
> (usually) the first few bytes of the packet to determine if it should
> accept the packet and if not, Wireshark gives it to the next dissector
> registered on that port to see if it will accept it with a heuristic
> check.

In addition, the UDP dissector has a list of purely-heuristic  
dissectors; depending on the setting of a preference, those are either  
called, one after another, before the UDP dissector tries dissectors  
based on port numbers (so that a heuristic dissector can grab traffic  
even if one of the ports it's coming from or going to has a UDP  
dissector for it) or after the UDP dissector tries dissectors based on  
port numbers.  The heuristic dissectors are called regardless of the  
port number; they also check (usually) the first few bytes of the  
packet to decide if it should accept it or not.


------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 34, Issue 17
***********************************************