ISMP packets are recognized by the Ethernet Type and the other data
(EDP) is decoded based upon the ISMP Type. If another protocol is using
0x81fd, I am not aware of it, but it does present an interesting
dilemma.
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Thursday, January 01, 2004 8:34 PM
To: Douglas, Joshua
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] New Dissector: ISMP/EDP (Enterasys Discovery
Protocol)
On Tue, Dec 30, 2003 at 11:29:35AM -0500, Douglas, Joshua wrote:
> I am attaching a new dissector for ISMP (InterSwitch Message Protocol)
> in which EDP (Enterasys Discovery Protocol), formerly known as
> Cabletron Discovery Protocol resides on.
I have some captures where packets with the ISMP Ethertype (0x81fd) are
dissected as
InterSwitch Message Protocol
Version: 16962
Message Type: 768
Sequence Number: 768
Auth Code Length: 2
Auth Data: 99DE
and the packet data after the Ethernet header is
0000  42 42 03 00 03 00 02 99 de 10 00 00 00 00 00 00  BB..............
0010  00 00 00 00 00 00 00 00 00 00 00 04 98 94 90 1b  ................
0020  00 00 1d f0 94 ae 06 00 00 00 00 00 1d bf b0 ee  ................
0030  00 00 00 00 00 02 04 00 08 00 00 00 00 00 00 00  ................
That data looks suspiciously like an 802.2 LLC header for a spanning
tree BPDU (DSAP and SSAP of 0x42, and control field of 0x03, i.e. UI) -
but the packet has an Ethernet type, not a length, and the stuff after
it doesn't look like a BPDU.
Any idea what those might be?
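
The decode discussed in this thread, as an added example that is not part of either message or of the submitted dissector: it parses the first payload bytes of the dump into the fields shown in the dissection output and checks for the LLC pattern described above. The field widths and big-endian order are inferred from the quoted output, and the names `ismp_parse` and `looks_like_stp_llc` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Layout inferred from the quoted dissection output (an assumption):
 * version(2) | message type(2) | sequence number(2) | auth len(1) | auth data */
struct ismp_hdr {
    uint16_t version, msg_type, seq;
    uint8_t auth_len;
    const uint8_t *auth_data;
};

/* First 16 payload bytes after the Ethernet header, copied from the dump. */
static const uint8_t sample_payload[16] = {
    0x42, 0x42, 0x03, 0x00, 0x03, 0x00, 0x02, 0x99,
    0xde, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if the buffer cannot hold the header and auth data. */
int ismp_parse(const uint8_t *buf, size_t len, struct ismp_hdr *h)
{
    if (len < 7) return -1;
    h->version = be16(buf);
    h->msg_type = be16(buf + 2);
    h->seq = be16(buf + 4);
    h->auth_len = buf[6];
    if ((size_t)h->auth_len > len - 7) return -1; /* length field overruns buffer */
    h->auth_data = buf + 7;
    return 0;
}

/* Nonzero when the payload starts with DSAP 0x42, SSAP 0x42, control 0x03 (UI),
 * the 802.2 LLC pattern for spanning tree mentioned in the message. */
int looks_like_stp_llc(const uint8_t *buf, size_t len)
{
    return len >= 3 && buf[0] == 0x42 && buf[1] == 0x42 && buf[2] == 0x03;
}

int main(void)
{
    struct ismp_hdr h;
    if (ismp_parse(sample_payload, sizeof sample_payload, &h) != 0) return 1;
    printf("version=%u type=%u seq=%u auth_len=%u llc_like=%d\n",
           (unsigned)h.version, (unsigned)h.msg_type, (unsigned)h.seq,
           (unsigned)h.auth_len, looks_like_stp_llc(sample_payload, sizeof sample_payload));
    return 0;
}
```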