
Wireshark-users: Re: [Wireshark-users] Problem with capturing DHCP Failover (DHCPFO) Protocol an

From: Jürgen Dietl <juergen.dietl@xxxxxxxxxxxxxx>
Date: Tue, 8 Feb 2011 08:46:30 +0100
Hi Jaap,

I did not see your post. Googlemail makes a funny thread. Thanks for your answer and for doing the omapi.

Is this the same omapi that is in the developer section of Wireshark (the source code)? So the only way is to change the port in the source code then.

Don't know if I make that .............

Thanks a lot,
cheers,
Juergen


2011/2/7 Jaap Keuter <jaap.keuter@xxxxxxxxx>
Hi,

In order to look at what happens with the DHCP failover it might be helpful to attach the capture file.

As for the OMAPI dissector, yes it's in there (I've put it in), and no you can't change its port through a preference setting. It's fixed at 7911.

Thanks,
Jaap


On 02/07/2011 02:55 PM, Jürgen Dietl wrote:
Hello,

I did a capture on the DHCP-Server. Because our DHCP runs on port 520 I
changed this in the preferences of the dhcpfo protocol.

I can decode the following message types.

3  = Binding Update
4  = Binding Acknowledge
5  = Connect
6  = Connect Acknowledge
7  = Update Request All
8  = Update Done
10 = State

When I now make a display filter with !dhcpfo.type==5 and
!dhcpfo.type==4 .....

so that I filter out all these types I still have messages on port 520
that can only be seen as "efs tcp dst port 520" with a source port not
well known (greater than 1024).

I am looking for the recovery-wait and recovery-done etc. I assume that
the missing packets must be there. But Wireshark does not decode this
packet with a DHCP Failover Header. Instead all the information is in
data in the TCP Header which then is difficult to decode.

Is there a way to decode also the rest?

I am also looking for the name of the OMAPI Protocol for changing the
port in preferences. It is in the supported protocol list as "OMAPI ISC
Object Management API" but I can't find any of these words.

Thanks a lot,
cheers,
Juergen
