Wireshark-users: [Wireshark-users] Problem with capturing DHCP Failover (DHCPFO) Protocol and th

From: Jürgen Dietl <juergen.dietl@xxxxxxxxxxxxxx>
Date: Mon, 7 Feb 2011 14:55:09 +0100
Hello,

I did a capture on the DHCP server. Because our DHCP runs on port 520, I changed this in the preferences of the dhcpfo protocol.

I can decode the following message types.

3  = Binding Update
4  = Binding Acknowledge
5  = Connect
6  = Connect Acknowledge
7  = Update Request All
8  = Update Done
10 = State

When I now make a display filter with !dhcpfo.type==5 and !dhcpfo.type==4 .....

so that I filter out all these types, I still have messages on port 520 that can only be seen as "efs tcp dst port 520" with a source port not well known (greater than 1024).

I am looking for the recovery-wait and recovery-done etc. I assume that the missing packets must be there. But Wireshark does not decode this packet with a DHCP Failover Header. Instead, all the information is in data in the TCP Header, which then is difficult to decode.

Is there a way to also decode the rest?

I am also looking for the name of the OMAPI Protocol for changing the port in preferences. It is in the supported protocol list as "OMAPI ISC Object Management API" but I can't find any of these words.

Thanx a lot,
cheers,
Juergen