Wireshark-users: Re: [Wireshark-users] Problem with capturing DHCP Failover (DHCPFO) Protocol an

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 07 Feb 2011 22:06:29 +0100
Hi,

In order to look at what happens with the DHCP failover it might be helpful to attach the capture file.

As for the OMAPI dissector, yes it's in there (I've put it in), and no you can't change its port through a preference setting. It's fixed at 7911.

Thanks,
Jaap

On 02/07/2011 02:55 PM, Jürgen Dietl wrote:
Hello,

I did a capture on the DHCP-Server. Because our DHCP runs on port 520 I
changed this in the preferences of the dhcpfo protocol.

I can decode the following message types.

3  = Binding Update
4  = Binding Acknowledge
5  = Connect
6  = Connect Acknowledge
7  = Update Request All
8  = Update Done
10 = State

When I now make a display filter with !dhcpfo.type==5 and
!dhcpfo.type==4 .....

so that I filter out all these types I still have messages on port 520
that can only be seen as "efs tcp dst port 520" with a source port not
well known (greater than 1024).

I am looking for the recovery-wait and recovery-done etc. I assume that
the missing packets must be there. But Wireshark does not decode this
packet with a DHCP Failover Header. Instead all the information is in
data in the TCP Header which then is difficult to decode.

Is there a way to decode also the rest?

I am also looking for the name of the OMAPI Protocol for changing the
port in preferences. It is in the supported protocol list as "OMAPI ISC
Object Management API" but I can't find any of these words.

Thanx a lot,
cheers,
Juergen
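
For inspecting port-520 payload that shows up only as TCP data, the following is an added example (not part of the thread, and not Wireshark's code) that splits a reassembled TCP byte stream into failover messages and reports any incomplete tail. It assumes the fixed header layout from the DHCP failover Internet-Draft (2-byte length, 1-byte type, 1-byte payload offset, 4-byte time, 4-byte xid); the function names and the sample bytes are constructed for illustration.

```python
import struct

# Assumed fixed header (network byte order), per the failover Internet-Draft:
# message length (2), message type (1), payload offset (1), time (4), xid (4)
HEADER = struct.Struct("!HBBII")

# Names exactly as listed in the thread; any other value is reported by number.
TYPE_NAMES = {3: "Binding Update", 4: "Binding Acknowledge", 5: "Connect",
              6: "Connect Acknowledge", 7: "Update Request All",
              8: "Update Done", 10: "State"}

def split_failover_stream(stream):
    """Split a reassembled TCP payload into messages.

    Returns (messages, leftover); leftover holds the bytes of a message that
    is not yet complete, e.g. one that continues in a later TCP segment.
    """
    messages, pos = [], 0
    while len(stream) - pos >= HEADER.size:
        length, mtype, poffset, time, xid = HEADER.unpack_from(stream, pos)
        # A length or payload offset that cannot hold the header means the
        # stream is not aligned on a message boundary (or is another protocol).
        if length < HEADER.size or not HEADER.size <= poffset <= length:
            raise ValueError(f"offset {pos}: implausible header "
                             f"(length={length}, payload offset={poffset})")
        if pos + length > len(stream):
            break  # header is present but the body is still incomplete
        messages.append({"type": mtype, "xid": xid, "time": time,
                         "name": TYPE_NAMES.get(mtype, f"type {mtype} (not in the thread's list)"),
                         "options": stream[pos + poffset:pos + length]})
        pos += length
    return messages, stream[pos:]

def build_message(mtype, xid, options=b"", time=0):
    """Constructed test input: one message with no additional header bytes."""
    return HEADER.pack(HEADER.size + len(options), mtype, HEADER.size, time, xid) + options

def sample_stream():
    # Constructed sample: Connect, State with 4 option bytes, then a third
    # message cut off after 14 of its 17 bytes (as if split across segments).
    third = build_message(9, 3, b"\x00\x01\x00\x01\x02")
    return build_message(5, 1) + build_message(10, 2, b"\xaa\xbb\xcc\xdd") + third[:14]

if __name__ == "__main__":
    msgs, rest = split_failover_stream(sample_stream())
    for m in msgs:
        print(m["xid"], m["name"], m["options"].hex())
    print(len(rest), "bytes belong to an incomplete message")
```
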