Bill Fassler wrote:
Hey guys, I haven't done any Wireshark plugins or anything in quite a
while, but am still part of the mailing list...
Someone just asked me if Wireshark sniffs HPNA 3.0
"Sniffs HPNA 3.0" in what sense?
Wireshark does two things - capture traffic, and dissect and analyze
traffic.
The traffic it can capture depends mostly on the capabilities of:
the hardware it's using to capture;
the operating system it's running on;
the driver for the hardware it's using to capture;
the version of libpcap/WinPcap it's using.
If you want to plug directly into a phone wire or coax cable, without
any USB or Ethernet bridge to your HPNA network, and sniff the traffic
on that, you will probably need specialized hardware, and, unless that
hardware appears to the host as a regular network adapter, you'd
probably also need a specialized version of libpcap/WinPcap to talk to
that hardware.
If that hardware supplies MAC-layer packets, complete with the 8-bit
frame type field, you'd then require changes to Wireshark to be able to
capture those frames, much less dissect them.
If, however, you have a USB HPNA adapter on a personal computer, that
would probably show up as an Ethernet interface, and if you have a
HomePNA-to-Ethernet bridge, that would *definitely* be an Ethernet
interface. In that case, capturing should probably Just Work, although
the only frames you'd see would be Ethernet frames.
As for dissection, Wireshark knows nothing about non-Ethernet HPNA
frames, and I don't see any dissector that handles HPNA link-layer
control frames (Ethertype 0x886c). Whether you'd get any of those
frames with a USB HPNA adapter, or an Ethernet interface plugged into a
HomePNA-to-Ethernet bridge, is another matter; if not, and that's the
hardware you have, then it's irrelevant whether Wireshark could dissect
non-Ethernet HPNA frames or HPNA link-layer control frames, as you won't
see them - i.e. Wireshark is just capturing on what it thinks is an
Ethernet.