Wireshark mailing list archives
Re: Wireshark-users Digest, Vol 58, Issue 9
From: Paula Dufour <psdufour () gmail com>
Date: Thu, 10 Mar 2011 22:37:23 -0500
Hi,

The localhost address is used by the operating system as a way to pass information through different processes of an application. Netbackup is one example.

Paula

On Thu, Mar 10, 2011 at 3:00 PM, <wireshark-users-request () wireshark org> wrote:
> Send Wireshark-users mailing list submissions to
>         wireshark-users () wireshark org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
>         wireshark-users-request () wireshark org
>
> You can reach the person managing the list at
>         wireshark-users-owner () wireshark org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
> Today's Topics:
>
>    1. localhost versus url (Tony Anecito)
>    2. Re: localhost versus url (David Alanis)
>    3. Re: Help with Zigbee decryption (Joe Desbonnet)
>    4. Re: localhost versus url (Jaap Keuter)
>    5. Re: localhost versus url (Guy Harris)
>    6. Re: Help with Zigbee decryption (Maynard, Chris)
>    7. question about SCTP multi-homing (WangWeiguo)
>    8. Re: localhost versus url (Tony Anecito)
>    9. Re: localhost versus url (Tony Anecito)
>   10. Re: localhost versus url (Jaap Keuter)
>   11. Re: localhost versus url (Tony Anecito)
>   12. Re: question about SCTP multi-homing (Michael Tüxen)
>   13. Re: question about SCTP multi-homing (Jeff Morriss)
>   14. Re: Help with Zigbee decryption (Guy Harris)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 Mar 2011 14:11:33 -0800 (PST)
> From: Tony Anecito <adanecito () yahoo com>
> To: Wireshark Users <wireshark-users () wireshark org>
> Subject: [Wireshark-users] localhost versus url
> Message-ID: <957435.27881.qm () web113614 mail gq1 yahoo com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Hi All,
>
> I was running some performance tests last week and noticed with the client app running on the same server or apache web server machine the response time was much better when using localhost in the url versus my domain name. I assumed somehow the connection is bypassing my router and connecting to the apache process directly. Is that so and if not what should I see on Wireshark if anything? Or is even the tcp/ip stack short circuited?
>
> Thanks,
> -Tony
>
> ------------------------------
>
> Message: 2
> Date: Wed, 09 Mar 2011 17:28:26 -0600
> From: David Alanis <canito () dalan us>
> To: wireshark-users () wireshark org
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <20110309172826.mdv02xxdisw88ws4 () mail dalan us>
> Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed"
>
> Quoting Tony Anecito <adanecito () yahoo com>:
>
> > Hi All,
> >
> > I was running some performance tests last week and noticed with the client app running on the same server or apache web server machine the response time was much better when using localhost in the url versus my domain name.
>
> Do you have the domain entered correctly in your /etc/hosts file? During your performance tests whilst using the FQDN did you notice any weird DNS/Reverse lookups for your domain name? That definitely sounds fishy, but not improbable.
>
> > I assumed somehow the connection is bypassing my router and connecting to the apache process directly. Is that so and if not what should I see on Wireshark if anything? Or is even the tcp/ip stack short circuited?
>
> Let me make sure I understand, if you configure Apache (e.g.) with the domain name it is much slower than configuring Apache with the localhost name?
>
> > Thanks,
> > -Tony
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> ------------------------------
>
> Message: 3
> Date: Wed, 9 Mar 2011 23:38:51 +0000
> From: Joe Desbonnet <joe () galway net>
> To: wireshark-users () wireshark org
> Subject: Re: [Wireshark-users] Help with Zigbee decryption
> Message-ID: <AANLkTincGhAxvwcXJBTAQjYNUHUD0V9_AcyYLzAA3no=@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> To answer my own question. I succeeded in decrypting ZigBee HA (Home Automation) profile packets a while back, but thought it worth mentioning here in case anyone else has the same problem.
>
> I upgraded to version 1.4.3 of Wireshark. Then set the following:
>
> Edit -> Preferences... -> Protocols -> ZigBee NWK
>
> Security Level: AES-128 Encryption, 32-bit Integrity Protection
> Network Key: 39:30:65:63:6E:61:69:6C:6C:41:65:65:42:67:69:5A
>
> (that's the ASCII values of ZigBeeAlliance09 *in reverse*)
>
> BTW: if anyone has the ZENA 802.15.4 / ZigBee network analyzer from Microchip Technologies, I've written a short Linux C utility that streams the packets from the device in PCAP format and can be piped into Wireshark. Details here:
>
> http://code.google.com/p/microchip-zena/
>
> Joe.
>
> On Fri, Jan 14, 2011 at 12:38 AM, Joe Desbonnet <joe () galway net> wrote:
>
> > I'm attempting to sniff and decrypt packets in home automation equipment which is supposed to be setup with encryption key "ZigBeeAlliance09". I've entered ZigBeeAlliance09 as a string in the "Network Key" field in Edit -> Preferences -> Protocols -> Zigbee NWK however the UI does not seem to be acting on it.
> >
> > In the packet view under Zigbee Security Header I have a collapsible node:
> >
> >   [Expert Info (Warn/Undecoded): Encrypted Payload]
> >     [Message: Encrypted Payload]
> >     [Severity level: warn]
> >     [Group: Undecoded]
> >
> > Then the Data node just lists the data from the packet verbatim (no decryption).
> >
> > What must I do to decrypt this payload? I've tried other random strings for the key and it makes no difference. It doesn't seem to be trying to decrypt.
> >
> > To reproduce my problem see the pcap capture file here:
> > http://www.mail-archive.com/wireshark-bugs () wireshark org/msg24773.html
> > (file bug5331_test.pcap). The text of the bug implies it uses the same key (ZigBeeAlliance09). Look at the first packet. The payload is two bytes 0xb9 0x06 (encrypted). I cannot find any way to view the decrypted packet.
> >
> > I'm using the standard Ubuntu package (version 1.2.7) and I also tried the latest version 1.4.3.
> >
> > Any pointers or suggestions would be greatly appreciated.
> >
> > Thanks in advance,
> > Joe.
>
> ------------------------------
>
> Message: 4
> Date: Thu, 10 Mar 2011 08:19:12 +0100
> From: Jaap Keuter <jaap.keuter () xs4all nl>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <4D787B70.3090006 () xs4all nl>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello Tony,
>
> Assuming your domain name is resolved to your public IP address on the outside of the firewall/NAT, your assumption is right.
>
> When entering localhost in the URL, that's resolved to 127.0.0.1, your local machine's loopback interface. No Ethernet networking involved, so watching with Wireshark won't show this traffic at all (unless capturing on the loopback interface on a !Windows machine).
>
> When entering the FQDN in the URL, that's resolved to your outside address. Browser traffic flows to that address first, then comes back to access the Apache server. Now you'll see the traffic when you capture on the network interface, once going out and once coming in.
>
> In the circumstance that there's no NAT involved (so your outside address is your interface address) you still end up with more delay than going through the loopback interface. The extra DNS interactions, and probably additional safety measures of your platform, take away a little time for every object retrieved.
>
> Thanks,
> Jaap
>
> On 03/09/2011 11:11 PM, Tony Anecito wrote:
> > Hi All,
> >
> > I was running some performance tests last week and noticed with the client app running on the same server or apache web server machine the response time was much better when using localhost in the url versus my domain name. I assumed somehow the connection is bypassing my router and connecting to the apache process directly. Is that so and if not what should I see on Wireshark if anything? Or is even the tcp/ip stack short circuited?
> >
> > Thanks,
> > -Tony
>
> ------------------------------
>
> Message: 5
> Date: Wed, 9 Mar 2011 23:39:09 -0800
> From: Guy Harris <guy () alum mit edu>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <4D2C809E-01C4-417C-ACF9-C1E92F922075 () alum mit edu>
> Content-Type: text/plain; charset=us-ascii
>
> On Mar 9, 2011, at 11:19 PM, Jaap Keuter wrote:
>
> > Assuming your domain name is resolved to your public IP address on the outside of the firewall/NAT, your assumption is right.
> >
> > When entering localhost in the URL, that's resolved to 127.0.0.1, your local machine's loopback interface. No Ethernet networking involved, so watching with Wireshark won't show this traffic at all (unless capturing on the loopback interface on a !Windows machine).
>
> !Windows && !Solaris - Solaris (except perhaps in OpenSolaris 11) doesn't support a capture mechanism that can listen to loopback traffic.
>
> On the other hand:
>
> > When entering the FQDN in the URL, that's resolved to your outside address. Browser traffic flows to that address first, then comes back to access the Apache server. Now you'll see the traffic when you capture on the network interface, once going out and once coming in.
>
> ...in at least some operating systems, even attempts to send packets to one of your own network addresses will go through the same path as attempts to send packets to 127.0.0.1, so either you won't be able to capture them at all, on Windows (where there is no equivalent to UN*X loopback interfaces; the Windows "loopback interface" is different) or on UN*Xes where you can't capture in the loopback interface, or you'll have to capture them on the loopback interface, just as you capture traffic to 127.0.0.1.
>
> > In the circumstance that there's no NAT involved (so your outside address is your interface address) you still end up with more delay than going through the loopback interface. The extra DNS interactions, and probably additional safety measures of your platform, take away a little time for every object retrieved.
>
> My guess is that's the performance issue; traffic from your machine to one of its non-loopback IP addresses, or to its loopback address, largely go through the same code path, so it's probably that looking up the host name via DNS is slower than looking up "loopback" or that something else is triggered by traffic to a local address that's not triggered by traffic to 127.0.0.1.
>
> ------------------------------
>
> Message: 6
> Date: Thu, 10 Mar 2011 09:48:27 -0500
> From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
> To: 'Community support list for Wireshark' <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] Help with Zigbee decryption
> Message-ID: <FEA7253CE01175418CE6A9BE162A91552A066A345B () RIMAILMBX2 gtk gtech com>
> Content-Type: text/plain; charset="us-ascii"
>
> Thanks for the information Joe.
> I posted a link to your tool on the Wireshark wiki: http://wiki.wireshark.org/WPANFamily
>
> - Chris
>
> -----Original Message-----
> From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Joe Desbonnet
> Sent: Wednesday, March 09, 2011 6:39 PM
> To: wireshark-users () wireshark org
> Subject: Re: [Wireshark-users] Help with Zigbee decryption
>
> BTW: if anyone has the ZENA 802.15.4 / ZigBee network analyzer from Microchip Technologies, I've written a short Linux C utility that streams the packets from the device in PCAP format and can be piped into Wireshark. Details here:
>
> http://code.google.com/p/microchip-zena/
>
> - end -
>
> CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email.
>
> ------------------------------
>
> Message: 7
> Date: Fri, 11 Mar 2011 02:03:08 +0800
> From: WangWeiguo <encwgwg () hotmail com>
> To: <wireshark-users () wireshark org>
> Subject: [Wireshark-users] question about SCTP multi-homing
> Message-ID: <SNT114-W863E5652A933AFEA48DFBA7C80 () phx gbl>
> Content-Type: text/plain; charset="gb2312"
>
> Hi all,
>
> Anyone can help with this SCTP multi-homing question? I've read the spec. (RFC 4960) and googled, but still it's quite hard to really understand the essentials of the multi-homing.
>
> The question is based on the diagram as following, which is a SCTP association between End Point A and B, on each End Point has two IP addresses serving this SCTP association:
>
>   Node A          Node B
>   IP A1 --------- IP B1
>          \     /
>           \   /
>            / \
>           /   \
>   IP A2 --------- IP B2
>
> In this way, there are actually 4 physical links in this single association: A1 -> B1, A2 -> B2, A1 -> B2, and A2 -> B1.
>
> The question is: among these 4 links, how many can be defined as Prime? From the spec., it looks like only one pair of IP addresses (e.g. A1->B1) can be defined as prime so all traffic actually just goes on this link only, however in this way it means that among the 4 available links, only one is bearing traffic in normal cases and all other 3 are standby in case of prime failure, it doesn't look like make sense if compare to the possibility of having 2 out of 4 as prime and other 2 as standby.
>
> Furthermore, in case of prime (say A1-> B1) failure, which of the other three will take over and how are they prioritized?
>
> Thanks.
> Kevin.
> Wong.
>
> ------------------------------
>
> Message: 8
> Date: Thu, 10 Mar 2011 10:04:56 -0800 (PST)
> From: Tony Anecito <adanecito () yahoo com>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <543194.98893.qm () web113620 mail gq1 yahoo com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Hi David,
>
> My Domain name is registered with godaddy. I have not tried Wireshark yet I was hoping this is commonly known why the network would do this magic. I will look at the other responses.
>
> Many thanks for the quick feedback!
> -Tony
>
> ------------------------------
>
> Message: 9
> Date: Thu, 10 Mar 2011 10:12:31 -0800 (PST)
> From: Tony Anecito <adanecito () yahoo com>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <597719.68738.qm () web113601 mail gq1 yahoo com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Hi Jaap,
>
> Many thanks that makes sense. I do have a router with a set of static ips provided by my isp and one of the ips is registered with godaddy and is tied to my own domain name and that was what I was using prior to using localhost. I did notice on wireshark when using my domain I would see what you described.
>
> I wonder what layers of the OSI 7 layer model is bypassed? I would think the first three (1-3) would be bypassed?
>
> Thanks,
> -Tony
>
> ------------------------------
>
> Message: 10
> Date: Thu, 10 Mar 2011 19:36:29 +0100
> From: Jaap Keuter <jaap.keuter () xs4all nl>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <4D791A2D.4070205 () xs4all nl>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
>
> Well, the relationship with OSI layers is a bit awkward, but if you want to talk layers, you end up circumventing the Datalink and Physical Layers when going through the loopback. The Network Layer determines that the packet doesn't need to go to a physical network interface, but right back into the network stack.
>
> Thanks,
> Jaap
>
> ------------------------------
>
> Message: 11
> Date: Thu, 10 Mar 2011 10:42:05 -0800 (PST)
> From: Tony Anecito <adanecito () yahoo com>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] localhost versus url
> Message-ID: <196569.32993.qm () web113605 mail gq1 yahoo com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Thanks Jaap I was looking into that and I believe you are right even about the relationship with OSI!
>
> Best Regards,
> -Tony
>
> ------------------------------
>
> Message: 12
> Date: Thu, 10 Mar 2011 20:11:54 +0100
> From: Michael Tüxen <Michael.Tuexen () lurchi franken de>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] question about SCTP multi-homing
> Message-ID: <9BD6F17D-38F7-47B8-8A15-BA89188F3182 () lurchi franken de>
> Content-Type: text/plain; charset=us-ascii
>
> On Mar 10, 2011, at 7:03 PM, WangWeiguo wrote:
>
> > Hi all,
> >
> > Anyone can help with this SCTP multi-homing question? I've read the spec.
> > (RFC 4960) and googled, but still it's quite hard to really understand the essentials of the multi-homing.
> >
> > The question is based on the diagram as following, which is a SCTP association between End Point A and B, on each End Point has two IP addresses serving this SCTP association:
> >
> >   Node A          Node B
> >   IP A1 --------- IP B1
> >          \     /
> >           \   /
> >            / \
> >           /   \
> >   IP A2 --------- IP B2
> >
> > In this way, there are actually 4 physical links in this single association: A1 -> B1, A2 -> B2, A1 -> B2, and A2 -> B1.
> >
> > The question is: among these 4 links, how many can be defined as Prime?
>
> Typically, one of the remote peer's addresses is considered a primary path (and the source address will be selected based on the routing table). Also remote addresses are supervised using HEARTBEATs.
>
> > From the spec., it looks like only one pair of IP addresses (e.g. A1->B1) can be defined as prime so all traffic actually
>
> The SCTP stack will select the primary address. Using the socket API, the application can also specify which remote address should be the primary.
>
> > just goes on this link only, however in this way it means that among the 4 available links, only one is bearing traffic in normal cases and all other 3 are standby in case of prime failure, it doesn't look like make sense if compare to the
>
> Please note, that each node will supervise two remote addresses.
>
> > possibility of having 2 out of 4 as prime and other 2 as standby.
> >
> > Furthermore, in case of prime (say A1-> B1) failure, which of the other three will take over and how are they prioritized?
>
> The socket API does not provide a way to indicate where to failover to. However, the application can handle notifications indicating that a path state changes to UNREACHABLE and then set a new primary path.
>
> The socket API I'm referring to is available at
> http://tools.ietf.org/html/draft-ietf-tsvwg-sctpsocket
> which is implemented (partly) by FreeBSD, Linux and Solaris.
>
> Best regards
> Michael
>
> > Thanks.
> > Kevin.
> > Wong.
>
> ------------------------------
>
> Message: 13
> Date: Thu, 10 Mar 2011 14:24:41 -0500
> From: Jeff Morriss <jeff.morriss.ws () gmail com>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] question about SCTP multi-homing
> Message-ID: <4D792579.8020402 () gmail com>
> Content-Type: text/plain; charset=GB2312
>
> WangWeiguo wrote:
> > Hi all,
> >
> > Anyone can help with this SCTP multi-homing question? I've read the spec. (RFC 4960) and googled, but still it's quite hard to really understand the essentials of the multi-homing.
> >
> > The question is based on the diagram as following, which is a SCTP association between End Point A and B, on each End Point has two IP addresses serving this SCTP association:
> >
> >   Node A          Node B
> >   IP A1 --------- IP B1
> >          \     /
> >           \   /
> >            / \
> >           /   \
> >   IP A2 --------- IP B2
> >
> > In this way, there are actually 4 physical links in this single association: A1 -> B1, A2 -> B2, A1 -> B2, and A2 -> B1.
> >
> > The question is: among these 4 links, how many can be defined as Prime? From the spec., it looks like *_only one_* pair of IP addresses (e.g. A1->B1) can be defined as prime so all traffic actually just goes on this link only, however in this way it means that among the 4 available links, only one is bearing traffic in normal cases and all other 3 are standby in case of prime failure, it doesn't look like make sense if compare to the possibility of having 2 out of 4 as prime and other 2 as standby.
> >
> > Furthermore, in case of prime (say A1-> B1) failure, which of the other three will take over and how are they prioritized?
>
> When asking a new question or starting a new topic of discussion, please do not reply to an email on another topic. Doing so messes up the threading (grouping of messages with the same topic together) in many email clients.
>
> The IETF tsvwg mailing list might be a good place to discuss this too.
>
> Anyway, yes, only one pair of IP addresses would be considered the primary. The idea (in 4960) is that all packets should (excepting retransmissions) travel on the same path until path failover. (There is a draft for loadsharing on all paths.)
>
> In the case of primary path failure, the same 4960 clause applies:
>
> > When retransmitting data that timed out, if the endpoint is multi-homed, it should consider each source-destination address pair in its retransmission selection policy. When retransmitting timed-out data, the endpoint should attempt to pick the most divergent source-destination pair from the original source-destination pair to which the packet was transmitted.
> >
> > Note: Rules for picking the most divergent source-destination pair are an implementation decision and are not specified within this document.
>
> As it says, "most divergent" is more complicated when you're dealing with both source and destination IP addresses. To me, this means "change both the source and destination addresses." Of course if you have more than 2 source and/or destination IP addresses, then you have more than 1 equally divergent choices.
>
> ------------------------------
>
> Message: 14
> Date: Thu, 10 Mar 2011 11:25:46 -0800
> From: Guy Harris <guy () alum mit edu>
> To: Community support list for Wireshark <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] Help with Zigbee decryption
> Message-ID: <BFFF69E6-72C2-4A07-BE9D-CB167FD99B02 () alum mit edu>
> Content-Type: text/plain; charset=us-ascii
>
> On Mar 9, 2011, at 3:38 PM, Joe Desbonnet wrote:
>
> > BTW: if anyone has the ZENA 802.15.4 / ZigBee network analyzer from Microchip Technologies, I've written a short Linux C utility that streams the packets from the device in PCAP format and can be piped into Wireshark. Details here:
> >
> > http://code.google.com/p/microchip-zena/
>
> At some point, it might be interesting to incorporate that code into libpcap. The main issue is that it would need a libpcap API to select the channel, but that can be added.
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users () wireshark org
> https://wireshark.org/mailman/listinfo/wireshark-users
>
> End of Wireshark-users Digest, Vol 58, Issue 9
> **********************************************
-- Paula Dufour 410-857-9069 (h) 301-939-7918 (w) 443-340-9839 (c) psdufour () gmail com
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
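An added example (not code from any poster in this thread) that separates the two costs the "localhost versus url" replies point to: time spent in name lookup, and time spent in the TCP connect over 127.0.0.1 versus over one of the host's own non-loopback addresses. The function names and the throwaway listener are assumptions made for the illustration; pass the FQDN under test as a command-line argument.

```python
import socket
import statistics
import sys
import threading
import time


def time_lookup(name, port=80, rounds=5):
    """Time getaddrinfo() for `name`; returns (samples_in_seconds, addresses).
    The first sample is the cold lookup, later ones may hit a resolver cache."""
    samples, addrs = [], []
    for _ in range(rounds):
        start = time.perf_counter()
        try:
            infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
        except socket.gaierror:
            infos = []  # name did not resolve; the elapsed time is still recorded
        samples.append(time.perf_counter() - start)
        addrs = sorted({info[4][0] for info in infos})
    return samples, addrs


def start_listener():
    """Throwaway accept-and-close TCP listener on all IPv4 addresses (stands in
    for the web server in the thread). Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("0.0.0.0", 0))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def time_connect(addr, port, rounds=5):
    """Median seconds for a TCP handshake to addr:port."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        with socket.create_connection((addr, port), timeout=2):
            samples.append(time.perf_counter() - start)
    return statistics.median(samples)


def own_address():
    """One non-loopback IPv4 address of this host, or None. Connecting a UDP
    socket sends no packet; it only makes the kernel choose a source address.
    192.0.2.1 is a documentation address (RFC 5737)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.connect(("192.0.2.1", 9))
        addr = probe.getsockname()[0]
    except OSError:
        return None
    finally:
        probe.close()
    return None if addr.startswith("127.") else addr


def compare(name="localhost"):
    """Measure lookup cost for `name` and connect cost over loopback and over
    the host's own address (when it has one and the listener is reachable)."""
    srv, port = start_listener()
    try:
        samples, addrs = time_lookup(name, port)
        result = {
            "name": name,
            "addresses": addrs,
            "lookup_first_s": samples[0],
            "lookup_median_s": statistics.median(samples),
            "connect_loopback_s": time_connect("127.0.0.1", port),
        }
        local = own_address()
        if local:
            try:
                result["connect_own_addr_s"] = time_connect(local, port)
                result["own_addr"] = local
            except OSError:
                pass  # e.g. a host firewall drops traffic to that address
        return result
    finally:
        srv.close()


if __name__ == "__main__":
    for target in sys.argv[1:] or ["localhost"]:
        for key, value in compare(target).items():
            print(f"{key:>20}: {value}")
```

If the two connect timings are close while the lookup for the FQDN is much larger than for localhost, the name lookup accounts for the difference rather than the path the packets take.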
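An added sketch of the SCTP failover discussion in messages 12 and 13 (not code from the posters, from RFC 4960 or from any SCTP stack): it ranks source-destination pairs using Jeff Morriss's reading of "most divergent" and models an application moving the primary when a path is reported UNREACHABLE. `Association`, `on_path_change` and the "first ACTIVE address" policy are hypothetical, and the ranking is generalised to more than two addresses per side to show the ties he mentions.

```python
from itertools import product


def divergence(pair, original):
    """How many of (source, destination) differ from the original pair: 0, 1 or 2."""
    return int(pair[0] != original[0]) + int(pair[1] != original[1])


def retransmission_candidates(sources, destinations, original, unreachable=()):
    """Rank source-destination pairs for retransmitting data that timed out on
    `original`, most divergent first; ties keep their input order.

    Assumption: "most divergent" means "change both addresses if possible",
    the reading given in the thread. RFC 4960 leaves the rule to the
    implementation. Destinations in `unreachable` (for example, ones whose
    HEARTBEAT supervision failed) are skipped."""
    pairs = [
        p for p in product(sources, destinations)
        if p != original and p[1] not in unreachable
    ]
    return sorted(pairs, key=lambda p: -divergence(p, original))


class Association:
    """Toy model of one endpoint's view: it supervises the peer's addresses
    and sends new data to a single primary destination."""

    def __init__(self, local_addrs, remote_addrs, primary):
        self.local_addrs = list(local_addrs)
        self.state = {addr: "ACTIVE" for addr in remote_addrs}
        self.primary = primary

    def on_path_change(self, remote_addr, new_state):
        """Application-side handler for a path state notification.

        If the primary became UNREACHABLE, make the first ACTIVE remote
        address the new primary (a hypothetical policy; the choice is left
        to the application). Returns the current primary."""
        self.state[remote_addr] = new_state
        if remote_addr == self.primary and new_state == "UNREACHABLE":
            active = [a for a, s in self.state.items() if s == "ACTIVE"]
            if active:
                self.primary = active[0]
        return self.primary


if __name__ == "__main__":
    original = ("A1", "B1")
    # The 2x2 case from the question: one most-divergent pair, then two ties.
    for pair in retransmission_candidates(["A1", "A2"], ["B1", "B2"], original):
        print(pair, "divergence", divergence(pair, original))

    # Three addresses per side: several equally divergent choices.
    ranked = retransmission_candidates(
        ["A1", "A2", "A3"], ["B1", "B2", "B3"], original)
    print([p for p in ranked if divergence(p, original) == 2])

    assoc = Association(["A1", "A2"], ["B1", "B2"], primary="B1")
    print("primary after B1 fails:", assoc.on_path_change("B1", "UNREACHABLE"))
```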