I'm trying to capture some Maintenance Operation Protocol (MOP) related packets from a router, but when I go to the filter section in Wireshark, it does not have MOP listed under the protocols list. Is there any specific Wireshark version where I can get MOP as a filter option? Or is there any other workaround?

asked 29 Aug '11, 00:18 realm_wrecker
One Answer:
AFAIK, Wireshark recognizes ethertype 0x6001 as "DEC DNA Dump/Load", but there's no dissector for it. You can file an enhancement bug report at bugzilla, attaching a sample capture file and a reference to the specification, in order to invite someone to write a dissector for it. Or you may want to try yourself.

answered 29 Aug '11, 03:55 Jaap ♦

Thanks Jaap, I'll try that (29 Aug '11, 08:03) realm_wrecker

The specification is here. (29 Aug '11, 16:35) Guy Harris ♦♦

What kind of router?
MOP is the name of an old Digital Network Architecture proprietary protocol; I wouldn't really have expected to see much of this protocol any more...
http://en.wikipedia.org/wiki/Maintenance_Operations_Protocol
http://www.cisco.com/en/US/tech/tk870/tk136/tk885/technologies_tech_note09186a0080093cd1.shtml
Hi Bill, it's an edge router I'm using. Yes, MOP is quite old, you're right about that. That isn't my question. My question is whether there's any way we can filter (from a capture file of several packets) and look at MOP packets only. When I tried doing this is when I realised Wireshark doesn't have MOP in its list of protocol filters. Is there any extended filter set/patch I can add to Wireshark, so the intent is achieved?
One idea that just dawned on me now is to use the reserved mcast addresses as a filter criterion. Let me try that.
or: use tshark -R "eth.type == 0x6001" ...
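
The ethertype match suggested in this thread can also be applied offline to a saved capture. The following Python sketch is an added example, not code from any of the posters; the MAC addresses and the sample capture are constructed, and it goes one step beyond the plain `eth.type` match by looking past 802.1Q/802.1ad VLAN tags, which would otherwise hide the 0x6001 ethertype.

```python
import struct

MOP_DL = 0x6001                 # ethertype named in the answer above
VLAN_TAGS = {0x8100, 0x88A8}    # 802.1Q / 802.1ad tags to look past

def ethertype(frame):
    """Return the ethertype of an Ethernet frame, skipping VLAN tags."""
    off = 12
    while len(frame) >= off + 2:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in VLAN_TAGS:
            return etype
        off += 4                # tag = 2-byte TPID + 2-byte TCI
    return None                 # frame truncated before the ethertype

def mop_frames(pcap):
    """Return (frame_number, dst, src) for each 0x6001 frame in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    hits, off, num = [], 24, 0
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from(end + "IIII", pcap, off)
        frame = pcap[off + 16 : off + 16 + caplen]
        off += 16 + caplen
        num += 1                # same numbering Wireshark shows
        if ethertype(frame) == MOP_DL:
            hits.append((num, frame[0:6].hex(":"), frame[6:12].hex(":")))
    return hits

def sample_pcap():
    """Constructed capture: IPv4 frame, MOP frame, VLAN-tagged MOP frame."""
    dst, src = bytes.fromhex("030000000001"), bytes.fromhex("020000000001")
    frames = [
        dst + src + b"\x08\x00" + bytes(46),
        dst + src + b"\x60\x01" + bytes(46),
        dst + src + b"\x81\x00\x00\x0a\x60\x01" + bytes(46),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(mop_frames(sample_pcap()))
```
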