This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MPLS TE shown as raw data

0

Hello,

I have the latest wireshark version and have this issue. I run MPLS TE in our network but the MPLS data is shown as "raw data", meanwhile I can see the sample MPLS capture on the wireshark website and it is displayed correctly. I tried all the options in the protocols>MPLS sections and it is still the same.

Is there a possibility to fix this?

asked 29 Oct '15, 08:07

Vadym%20Bel's gravatar image

Vadym Bel
1222
accept rate: 0%

1

Can you share a sample capture file?

(29 Oct '15, 16:49) Jaap ♦

Sure,

http://www.filedropper.com/capture_1

I exported a particular conversation, there are 50 packets more or less and all of them have raw packet data, I have a bigger capture, which was done on an MPLS interface looking toward one router and all traffic is like this

(30 Oct '15, 08:36) Vadym Bel

Any idea of what could be happening?

(03 Nov '15, 08:46) Vadym Bel

Any update about this one? Were you able to decode it?

(21 Mar '16, 09:35) Vadym Bel
1

The link to the capture seems to be broken, can you update it?

(22 Mar '16, 11:36) grahamb ♦

yes, sure http://www.filedropper.com/capture_8

(22 Mar '16, 11:45) Vadym Bel

Is it the right capture? I can see properly dissected, raw-IP "encapsulated" icmp packets, some of them truncated during capture, i.e. nothing illustrating the issue you talk about...

Or you claim the presence of the line "raw data" between the frame level and IP level of the dissection tree?

(22 Mar '16, 13:17) sindy

This capture differs significantly from the sample one you presumably refer to. The mpls-te.cap contains Ethernet-encapsulated frames which do contain the MPLS layer; yours contains "raw IP" encapsulated frames with no MPLS layer in them (see Statistics -> Capture File Properties and the dissection of the packets themselves). What was your capture setup?

Also, can you upload (or publish somewhere else) a screenshot of dissection of one of your packets as you can see it? As the packets have no MPLS contents, it is clear that changes of MPLS-related settings have no effect, yet other settings may prevent you from seeing the actual contents of the packets properly dissected.

(22 Mar '16, 13:42) sindy

I was 100% sure MPLS was there and I did many captures.. I will double check tomorrow to make sure once again this is pure mpls capture. When I disable MPLS, raw data disappears, when I enable it, it appears, when I enable simple MPLS labels (common MPLS), LDP shows the labels correctly, however when I build the MPLS TE tunnel, where LDP+RSVP assign labels, it starts showing everything as raw data and this confuses me a lot...

(22 Mar '16, 13:46) Vadym Bel
showing 5 of 9 show 4 more comments