tcpdump mailing list archives

Re: decode MPLS-contained packets?


From: Gert Doering via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 7 May 2020 05:21:08 -0400 (EDT)

--- Begin Message ---
From: Gert Doering <gert () greenie muc de>
Date: Thu, 7 May 2020 11:22:54 +0200
Hi,

On Thu, May 07, 2020 at 01:05:19AM -0700, Guy Harris wrote:
> A mechanism where you could do something such as "-T tcp:1073:{protocol}"
> to force traffic to TCP port 1073 to be dissected as the specified
> protocol might be useful; in this case, we'd do something such as
> "-T mpls:{protocol}" to force *all* MPLS packets to be dissected
> as the specified protocol, and "-T mpls:{label}:{protocol}", to
> force packets with a particular label to be dissected as the specified
> protocol (which might mean you'd have to run tcpdump twice - once
> to see what the label is, and once to decode the label).

I find this to be a fairly complex solution, at least for my use case.  

I know what I'm looking at ("tcpdump -s0 'label 12003'"), it's just 
tcpdump not knowing what these packets are - so for these simple cases, a 

  "-T mplsnocweth"
  "-T mplscweth"

(or whatever it's called in the end) would be sufficient.  The documentation 
would need updating to make clear what happens behind the scenes ("this 
forces some of the dissectors to decode the packet in a particular way", 
and then possibly explain for each -T value to what sort of packets it applies).


OTOH, as a long-term road map, why not :-)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert () greenie muc de

--- End Message ---
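Why a hint is needed at all, as an added example that is not part of the original message and not tcpdump's code: the MPLS label stack entry carries no payload-type field, so the same bytes decode differently depending on whether a pseudowire control word is assumed. The hint names come from the message; their meaning here (Ethernet with or without a 4-byte control word), the function names and the sample packet are assumptions constructed for illustration.

```python
import struct

def parse_label_stack(buf):
    """Split bytes starting at the first MPLS shim into ([(label, tc, ttl)], payload)."""
    stack, off = [], 0
    while True:
        if len(buf) < off + 4:
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        stack.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if word & 0x100:  # bottom-of-stack bit: payload follows
            return stack, buf[off:]

def decode_ethernet(frame):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "ethertype": ethertype}

def decode_payload(payload, hint):
    """Decode the MPLS payload as the hint dictates; nothing in the shim says which is right."""
    if hint == "mplsnocweth":          # assumed: Ethernet frame directly after the stack
        return decode_ethernet(payload)
    if hint == "mplscweth":            # assumed: 4-byte control word, then Ethernet
        if len(payload) < 4:
            raise ValueError("truncated control word")
        if payload[0] >> 4 != 0:
            raise ValueError("first nibble is not 0, so this is not a control word")
        (seq,) = struct.unpack_from("!H", payload, 2)
        return dict(decode_ethernet(payload[4:]), cw_seq=seq)
    raise ValueError("unknown hint: " + hint)

# Constructed sample: label 12003, TC 0, bottom-of-stack set, TTL 64
SHIM = struct.pack("!I", (12003 << 12) | 0x100 | 64)
ETH = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\x45" + bytes(19)
PKT_CW = SHIM + bytes.fromhex("00000001") + ETH   # control word, sequence number 1

if __name__ == "__main__":
    stack, payload = parse_label_stack(PKT_CW)
    print(stack)
    print("mplscweth  :", decode_payload(payload, "mplscweth"))
    # Wrong hint: no error, just plausible-looking but shifted fields
    print("mplsnocweth:", decode_payload(payload, "mplsnocweth"))
```

With the wrong hint the decoder raises no error and returns addresses and an EtherType shifted by four bytes, which is why the documentation point in the message about stating what each -T value forces matters.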