This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

GRE Protocol Type 0x8909

0

The GRE Protocol Type 0x8909 is used by Cisco gear to encapsulate Cisco MetaData frames inside GRE. What would be the easiest way to modify the GRE Decode As option to interpret the Data within the GRE payload as a Cisco MetaData frame when the GRE Protocol Type is 0x8909? WireShark can decode native Cisco MetaData frames already, but GRE encapsulated Cisco MetaData frames are shown as unknown.

asked 15 Jun '17, 12:48

rmcguilicuddy's gravatar image

rmcguilicuddy
11113
accept rate: 0%

One Answer:

1

Currently there is no support for this.

To get Cisco MetaData dissected as GRE payload the source code of epan/dissectors/packet-gre.c and epan/dissectors/packet-cisco-metadata.c has to be modified.

If you want this feature in some future Wireshark version open an enhancement bug (including sample capture(s)).

answered 15 Jun '17, 23:08

Uli's gravatar image

Uli
9031515
accept rate: 29%

edited 17 Jun '17, 13:26

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

Thanks for the info, I filed Enhancement 13804 request with a packet capture attached.

(16 Jun '17, 06:58) rmcguilicuddy

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(16 Jun '17, 07:00) Jaap ♦
1

The changes in question were made in change I0d96122a0c7f39315316e4da32c29977e147d3d6 in the master branch and change I0d96122a0c7f39315316e4da32c29977e147d3d6 in the 2.4 branch, so this capability should be in the 2.4 release when it comes out.

(17 Jun '17, 13:28) Guy Harris ♦♦