Ethereal-users: Re: [Ethereal-users] MPLS packet forwarding delay
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Thu, 22 May 2003 06:44:10 +0100
Yuxiao Jia wrote: >actually "dst port 6000" and 'dst port 6000' seems same for IP packet, I >test, this filter works for IP packet, > >but doesnot work for MPLS packet, If I run ethereal on LSR (MPLS router) >interface, when I run it, nothing happen, it means this capture filter "dst >port 6000" or "src host 172.16.10.2" etc (tcpdump based) canot work for mpls >packet, am I wrong? > Hi, Sorry, I didn't think about that it was a capture filter for MPLS you wanted. I get an error when trying with 'dst port 6000' (but not for "dst port 6000") on my Window98 PC, but there seems to be some problems that Windows98 sometimes does some strange things with the command line arguments before sending it to the application. For example when I give the argument %m it is translated to some other characters before Tethereal gets the arguments, so I couldn't get the frame number displayed when setting column.info from the command line. Capture filters are handled by libpcap/WinPcap and are not as powerful as display filters in Ethereal. http://www.ethereal.com/faq.html#q5.5 Capture filters with tcp/udp port numbers and similar may only work if you run IP directly on top of e.g. Ethernet or PPP, or for VLAN you can use the vlan keyword. http://www.die.net/doc/linux/man/man8/tcpdump.8.html http://windump.polito.it/docs/manual.htm I don't if there is any plans to add a "mpls" keyword that could libpcap generate valid capture filters for TCP/IP on top of MPLS. You could try to make a capture filter that filters out packets based on the data in certain fixed positions of the packet, but I don't know if that is reasonable for the thing you want to do (Maybe a filter of the type "ether[38:2]=0x07D0" could work). But that means that it might not work if there is variable length headers. tethereal -f "ether[38:2]=0x07D0" Yould could maybe use a combination of a capture filter and a read filter. However there could be problem that some packets are dropped when using a read filter while doing the capturing if you are not using some kind of capture filter to limit the amount of data that tethereal has to apply the capture filter on: tethereal -f "ether[12:2]=0x8847 and ether[4:2]=0xfc37" -R "tcp.dstport == 6000" Tthis is just an example so you'll have to adapt it for your specific scenario: For example "ether[4:2]=0xfc37" is a part of the hardware address from one packet in the MPLS capture I had on my harddisk and 0x8847 seems to be the ethertype for "MPLS label switched packets". It might be better to first do the capture with a certain capture filter and save it to a file, than to do both the capturing and display filtering at the same time: tethereal -f "ether[12:2]=0x8847 and ether[4:2]=0xfc37" -w mycapture.pcap and then use a display filter: tethereal -r mycapture.pcap -R "tcp.dstport == 6000" I guess that somebody else on the list may have additional ideas and/or experiences with making capture filters for MPLS. Regards, Martin
- Prev by Date: [Ethereal-users] How to decrypt WEP - where do I enter the key
- Next by Date: Re: [Ethereal-users] How to decrypt WEP - where do I enter the key
- Previous by thread: Re: [Ethereal-users] MPLS packet forwarding delay
- Next by thread: [Ethereal-users] Fibre Channel
- Index(es):