Wireshark-users: [Wireshark-users] 回复: Wireshark-users Digest, Vol 22, Issue 65

From: zhen li <llizzhen@xxxxxxxxxxxx>
Date: Tue, 25 Mar 2008 15:54:41 +0800 (CST)
Hi harris 
    I just wish to decode the raw fibre channel protocol using ethereal.
I  have raw fibre channel protocol,and  I want to
write the packets buffer in text file and convert it to cap file by text2pcap.exe,
then I can  open it and decode it by ethereal.If ethereal can not support raw
fibre channel protocol, I will look for other solutions,for example.add buffer ahead
of packets including raw fibre channel protocol ,so I can decode it using ethereal.

Thanks
zhen li

----- 原始邮件 ----
发件人: "wireshark-users-request@xxxxxxxxxxxxx" <wireshark-users-request@xxxxxxxxxxxxx>
收件人: wireshark-users@xxxxxxxxxxxxx
已发送: 2008/3/25(周二), 下午3:10:56
主题: Wireshark-users Digest, Vol 22, Issue 65

Send Wireshark-users mailing list submissions to
    wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
    http://www.wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
    wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
    wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

  1. Re: wireless lan packet (Sake Blok)
  2. Re: Ask for cap file including stard fibre channel protocol
      (Guy Harris)
  3. Re: Ask for cap file including stard fibre    channel protocol
      (ronnie sahlberg)
  4. Re: GUI problem with Mac OS X (Andreas Fink)


----------------------------------------------------------------------

Message: 1
Date: Tue, 25 Mar 2008 03:22:43 +0100
From: Sake Blok <sake@xxxxxxxxxx>
Subject: Re: [Wireshark-users] wireless lan packet
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

On Mon, Mar 24, 2008 at 02:39:52PM -0400, Albert Jurado wrote:

First of all, please don't reply to an existing message to start a
new thread. It will mess up the threading in a lot of mail-readers.
It's better to just create a new message...

> I was wondering.  I'm capturing packets from our server VLAN and
> I'm seeing a lot of duplicate packets. 

Are you spanning the server vlan selecting "both directions" to
another port? If so, you will indeed see every packet twice. Once
when it ingresses the vlan and once when it egresses the vlan.
You can solve this by only spanning incoming packets.

> Is there a way to filter out those duplicate packets by IP ID?

If they are *exactly* the same, then "editcap -d" is your friend.

Cheers,
    Sake


------------------------------

Message: 2
Date: Mon, 24 Mar 2008 23:05:09 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Ask for cap file including stard fibre
    channel protocol
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <47E89615.4050907@xxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

zhen li wrote:

>    I am very excited when finding fibre channel decoding feature in
> ethereal,
> I wish to see how can ethereal decode fibre channel packets,
> but I can not deviced a cap file including  fibre channel protocol,
> so can you help me to generate  such a file

Wireshark (that's Ethereal's new name:

    http://www.wireshark.org/faq.html#q1.2

) only dissects Fibre Channel when it's encapsulated with:

    Cisco's special encapsulations of Fibre Channel frames in Ethernet
frames (for debugging trace purposes);

    CNT's "Cross Point Frame Injector" encapsulation of FC in UDP packets;

    RFC 3821 FCIP;

    T11's proposed Fibre Channel over Ethernet encapsulation.

We don't currently support any encapsulation for "raw" FC frames.

Are you trying to capture a Fibre Channel trace on an FC network (rather
than an Ethernet or other non-FC network where one of the encapsulations
listed above are used)?


------------------------------

Message: 3
Date: Tue, 25 Mar 2008 17:23:03 +1100
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Subject: Re: [Wireshark-users] Ask for cap file including stard fibre
    channel protocol
To: "Community support list for Wireshark"
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
    <c9a3e4540803242323n5fc43e9ek58a3fc66b36f1a81@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Wireshark also supports the encapsulation iFCP.

It would probably be easy to add mFCP (dead brocade protocol) as well
if an example capture was made available.



On Tue, Mar 25, 2008 at 5:05 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> zhen li wrote:
>
>  >    I am very excited when finding fibre channel decoding feature in
>  > ethereal,
>  > I wish to see how can ethereal decode fibre channel packets,
>  > but I can not deviced a cap file including  fibre channel protocol,
>  > so can you help me to generate  such a file
>
>  Wireshark (that's Ethereal's new name:
>
>        http://www.wireshark.org/faq.html#q1.2
>
>  ) only dissects Fibre Channel when it's encapsulated with:
>
>        Cisco's special encapsulations of Fibre Channel frames in Ethernet
>  frames (for debugging trace purposes);
>
>        CNT's "Cross Point Frame Injector" encapsulation of FC in UDP packets;
>
>        RFC 3821 FCIP;
>
>        T11's proposed Fibre Channel over Ethernet encapsulation.
>
>  We don't currently support any encapsulation for "raw" FC frames.
>
>  Are you trying to capture a Fibre Channel trace on an FC network (rather
>  than an Ethernet or other non-FC network where one of the encapsulations
>  listed above are used)?
>  _______________________________________________
>  Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
>


------------------------------

Message: 4
Date: Tue, 25 Mar 2008 08:10:35 +0100
From: Andreas Fink <afink@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] GUI problem with Mac OS X
To: R S <lmodern@xxxxxxxxxxx>
Cc: wireshark-users@xxxxxxxxxxxxx
Message-ID: <430DA2E1-6967-4D7F-BC5A-E15868BFBBD6@xxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Well its obvious that it will use libraries from /opt/gtk/lib. Those 
libraries where not compiled by me. I think /opt is used by Ports.
The version from http://www.finkconsulting.com/page7.php doesnt use /
opt directory. If MacOS X thinks it should use libraries from there, 
you end up in version conflicts.

You might want to rename /opt to something else temporarely and see if 
it runs then.




On 25.03.2008, at 01:18, R S wrote:

> Andreas,
>
> I downloaded Wireshark from SourceForge.net (no Ports of Fink) and I 
> launch it in X11.
> Here are the outputs I got:
>
> $ wireshark --version
> wireshark 0.99.8
>
> Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and 
> contributors.
> This is free software; see the source for copying conditions. There 
> is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR 
> PURPOSE.
>
> Compiled with GTK+ 2.13.1, with GLib 2.17.0, with libpcap 0.9.4, 
> with libz
> 1.2.3, without libpcre, without SMI, without ADNS, without Lua, 
> without GnuTLS,
> without Gcrypt, with MIT Kerberos, without PortAudio, without AirPcap.
> NOTE: this build doesn't support the "matches" operator for 
> Wireshark filter
> syntax.
>
> Running on Darwin 8.11.1 (MacOS 10.4.11), with libpcap version 0.9.4.
>
> Built using gcc 4.0.1 (Apple Computer, Inc. build 5367).
>
>
> $ otool -L /usr/local/bin/wireshark
> /usr/local/bin/wireshark:
>    /System/Library/Frameworks/ApplicationServices.framework/
> Versions/A/ApplicationServices (compatibility version 1.0.0, current 
> version 22.0.0)
>    /System/Library/Frameworks/CoreFoundation.framework/Versions/A/
> CoreFoundation (compatibility version 150.0.0, current version 
> 368.32.0)
>    /System/Library/Frameworks/CoreServices.framework/Versions/A/
> CoreServices (compatibility version 1.0.0, current version 18.0.0)
>    /usr/local/lib/libwiretap.0.dylib (compatibility version 1.0.0, 
> current version 1.1.0)
>    /usr/local/lib/libwireshark.0.dylib (compatibility version 
> 1.0.0, current version 1.1.0)
>    /usr/lib/libpcap.A.dylib (compatibility version 1.0.0, current 
> version 1.0.0)
>    /opt/gtk/lib/libgtk-quartz-2.0.0.dylib (compatibility version 
> 1302.0.0, current version 1302.0.0)
>    /opt/gtk/lib/libgdk-quartz-2.0.0.dylib (compatibility version 
> 1302.0.0, current version 1302.0.0)
>    /opt/gtk/lib/libatk-1.0.0.dylib (compatibility version 2210.0.0, 
> current version 2210.1.0)
>    /opt/gtk/lib/libgdk_pixbuf-2.0.0.dylib (compatibility version 
> 1302.0.0, current version 1302.0.0)
>    /opt/gtk/lib/libgio-2.0.0.dylib (compatibility version 1.0.0, 
> current version 1.0.0)
>    /opt/gtk/lib/libpangocairo-1.0.0.dylib (compatibility version 
> 2001.0.0, current version 2001.0.0)
>    /opt/gtk/lib/libpango-1.0.0.dylib (compatibility version 
> 2001.0.0, current version 2001.0.0)
>    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current 
> version 88.3.9)
>    /opt/gtk/lib/libcairo.2.dylib (compatibility version 14.0.0, 
> current version 14.6.0)
>    /opt/gtk/lib/libpng12.0.dylib (compatibility version 23.0.0, 
> current version 23.0.0)
>    /opt/gtk/lib/libgobject-2.0.0.dylib (compatibility version 
> 1701.0.0, current version 1701.0.0)
>    /opt/gtk/lib/libgmodule-2.0.0.dylib (compatibility version 
> 1701.0.0, current version 1701.0.0)
>    /opt/gtk/lib/libgthread-2.0.0.dylib (compatibility version 
> 1701.0.0, current version 1701.0.0)
>    /opt/gtk/lib/libglib-2.0.0.dylib (compatibility version 
> 1701.0.0, current version 1701.0.0)
>    /opt/gtk/lib/libintl.8.dylib (compatibility version 9.0.0, 
> current version 9.1.0)
>    /System/Library/Frameworks/Kerberos.framework/Versions/A/
> Kerberos (compatibility version 5.0.0, current version 5.0.0)
>    /usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current 
> version 369.6.0)
>    /usr/lib/libiconv.2.dylib (compatibility version 5.0.0, current 
> version 5.0.0)
>    /usr/lib/libz.1.dylib (compatibility version 1.0.0, current 
> version 1.2.3)
>
>
> I deleted the preferences file but nothing changed.
> Thanks.
>
>
> Robert
>
>
> Windows Live Hotmail is giving away Zunes. Enter for your chance to 
> win.





Andreas Fink

Fink Consulting GmbH
Global Networks Schweiz AG
BebbiCell AG

---------------------------------------------------------------
Tel: +41-61-6666330 Fax: +41-61-6666331  Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail:  andreas@xxxxxxxx
www.finkconsulting.com www.global-networks.ch www.bebbicell.ch
---------------------------------------------------------------
ICQ: 8239353 MSN: msn1@xxxxxx AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333

http://a-fink.blogspot.com/  A developers view about iPhone SDK





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20080325/be5ce2fc/attachment.htm

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 22, Issue 65
***********************************************



雅虎邮箱,您的终生邮箱!