Wireshark mailing list archives
Re: Sniffing LACP traffic with wireshark
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Fri, 30 May 2014 21:41:46 +0200
On 05/30/2014 05:52 PM, Kevin Wilson wrote:
Hello, I have wireshark-1.10.7-1. when I sniff LACP (Link Aggregation Control Protocol) traffic, I see "LACP" in the protocol column, and the ethertype is 0x8809 (Slow Protocols (IEEE 802.3))
No, the ethertype is 0x8809, which the Wireshark dissection engine then uses to feed the rest of the frame to the Slow Protocols dissector, which sets the protocol column to "LACP".
However, I need to sniff LACP traffic also from the command line with tshark (on Linux).
Perfect.
I see: tshark -d 0x8809 -i em1 I get this error: tshark: Parameter "0x8809" doesn't follow the template "<layer_type>==<selector>,<decode_as_protocol>" tshark: Unknown layer type -- 0x8809 And when running "tshark -d", which displays the list of all protocols, I don't see the LACP protocol.
Why do you think you need to define a "Decode as..." setting? Did you have to do that in Wireshark? I doubt it. And since Tshark uses the same Wireshark dissection engine it is quite capable of figuring out that frames with ethertype 0x8809 should be handed to the Slow Protocols dissector.
It is strange that with the wireshark GUI client, 0x8009 is recognized as LACP, while "thsark -d" does not show the LACP. Please adive, how can I sniff with tshark client with filtering for 0x8009 Ehtertype (LACP). (with -d ethertype==...)
So you want to use a capture filter for LACP traffic? Sure, use the -f option with "ether proto 0x8809" as expression" Thanks, Jaap ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Sniffing LACP traffic with wireshark Kevin Wilson (May 30)
- Re: Sniffing LACP traffic with wireshark Jaap Keuter (May 30)
- Re: Sniffing LACP traffic with wireshark Guy Harris (May 30)
- Re: Sniffing LACP traffic with wireshark Guy Harris (May 30)