On Oct 12, 2003, at 6:57 PM, Bob Aiello wrote:
> Does anyone know how the ClearCase protocol actually works?
> Port 371 seems to be a well known port. Does ethereal monitor other
> ports as well?

What do you mean by "monitor ports"?
Ethereal can capture TCP/UDP/SCTP traffic going to *any* port (assuming
it can even see the traffic, but that's done by code that Ethereal
calls, not by Ethereal itself, so that's not an Ethereal issue).
Whether it can display it as anything other than {TCP,UDP,SCTP} payload
is another matter.
In the case of the only ClearCase protocol Ethereal can dissect (i.e.,
can display as anything other than raw payload), that protocol is an
ONC RPC-based protocol; however, it's not one about which the author of
the dissector knows anything other than that it's an ONC RPC-based
protocol, so, although it can display the ONC RPC headers, it can't
display the actual names or arguments in the calls or replies. If
there's anybody who knows how the protocol (protocols?) actually works,
they haven't contributed any code to Ethereal to dissect any of those
protocols.

> How does it know which one to monitor?

Ethereal "monitors" ports, in the sense of capturing traffic to and
from those ports, if you tell it to do so; by default (i.e., with an
empty capture filter), it'll capture all the traffic that it can see
(which might only be traffic to and from the machine running Ethereal,
and broadcast and multicast traffic seen by that machine:
http://www.ethereal.com/faq.html#q5.1).
It will dissect as "ClearCase NFS" any traffic that looks like ONC RPC
traffic for ONC RPC program number 390512 (the ClearCase NFS program
number), regardless of what port it's sent to or from.
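
Added example (not part of the original message and not Ethereal's dissector code): a simplified sketch of classifying a payload by the ONC RPC program number in the call header rather than by port. It handles call messages only; the version and procedure numbers in the sample are constructed, and the helper names are hypothetical.

```python
import struct

CLEARCASE_NFS_PROGRAM = 390512  # program number given in the message above
RPC_CALL = 0                    # msg_type value for a call (RFC 5531)
RPC_VERSION = 2                 # ONC RPC protocol version (RFC 5531)
LAST_FRAGMENT = 0x80000000      # top bit of the TCP record mark


def parse_rpc_call(payload, over_tcp=False):
    """Return (xid, program, version, procedure) for an RPC call, else None."""
    if over_tcp:
        # TCP record mark: 1 last-fragment bit + 31-bit fragment length.
        if len(payload) < 4:
            return None
        (mark,) = struct.unpack("!I", payload[:4])
        payload = payload[4:4 + (mark & 0x7FFFFFFF)]
    if len(payload) < 24:
        return None
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack("!6I", payload[:24])
    if mtype != RPC_CALL or rpcvers != RPC_VERSION:
        return None
    return xid, prog, vers, proc


def classify(payload, over_tcp=False):
    """Label a transport payload by RPC program number; ports are never consulted."""
    call = parse_rpc_call(payload, over_tcp)
    if call is None:
        return "not an ONC RPC call"
    _, prog, vers, proc = call
    if prog == CLEARCASE_NFS_PROGRAM:
        return f"ClearCase NFS call (version {vers}, procedure {proc})"
    return f"ONC RPC call (program {prog})"


def build_call(xid, prog, vers, proc):
    """Constructed sample: call header plus empty AUTH_NONE credential and verifier."""
    header = struct.pack("!6I", xid, RPC_CALL, RPC_VERSION, prog, vers, proc)
    return header + struct.pack("!4I", 0, 0, 0, 0)


def tcp_frame(record):
    """Constructed sample: prefix a record with a last-fragment record mark."""
    return struct.pack("!I", LAST_FRAGMENT | len(record)) + record


if __name__ == "__main__":
    sample = build_call(0x1234, CLEARCASE_NFS_PROGRAM, 1, 3)  # vers/proc are made up
    print(classify(sample))
    print(classify(tcp_frame(sample), over_tcp=True))
```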