Wireshark mailing list archives
Displaying Cisco Cable Monitor and Intercept Traffic
From: Martin Dubuc <martind1111 () gmail com>
Date: Wed, 25 Aug 2010 09:37:54 -0400
I have posted a message to this list yesterday, but am reposting today with more details. I would like to display traffic coming out of a Cisco CMTS LAN analyzer port in Wireshark. This traffic is the result of configuring the CMTS with the cable monitor and intercept commands. The cable intercept command is used to capture all traffic that originates/terminates to a specific a MAC address. The CMTS sends the resulting traffic encapsulated over UDP. The traffic coming out of the CMTS LAN analyzer port looks like this: | 14-byte Ethernet header | 20-byte IP header | 8-byte UDP header v ^ | 14-byte Ethernet header | 20-byte IP header | ... The first part (Ethernet/IP/UDP header) is fabricated by the CMTS. The second part (Ethernet/IP/...) is the end-user traffic. If I load a PCAP file with this type of traffic in Wireshark, Wireshark displays the Ethernet/IP/UDP header as one would expect, but it does not decode the second part, the end-user traffic. It displays the end-user traffic as one big data blob. I am surprised that Wireshark is not able to decode the second part, the end-user traffic. I am not sure if we need to do some sort of configuration, or if we should write a special dissector that can handle this type of encapsulation. Martin
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Displaying Cisco Cable Monitor and Intercept Traffic Martin Dubuc (Aug 25)
- Re: [Wireshark-users] Displaying Cisco Cable Monitor and Intercept Traffic Christopher Maynard (Aug 25)
- Re: Displaying Cisco Cable Monitor and Intercept Traffic Martin Dubuc (Aug 25)
- Re: [Wireshark-users] Displaying Cisco Cable Monitor and Intercept Traffic Christopher Maynard (Aug 25)
- Re: Displaying Cisco Cable Monitor and Intercept Traffic Martin Dubuc (Aug 25)
- Re: Displaying Cisco Cable Monitor and Intercept Traffic Guy Harris (Aug 25)
- Re: Displaying Cisco Cable Monitor and Intercept Traffic Martin Dubuc (Aug 25)
- Re: [Wireshark-users] Displaying Cisco Cable Monitor and Intercept Traffic Christopher Maynard (Aug 25)
- Re: Displaying Cisco Cable Monitor and Intercept Traffic Martin Dubuc (Aug 26)