--- Begin Message ---
Hi,
I need to trace "MPLS-y" stuff between some routers, and wonder if
I'm missing tcpdump functionality here, namely "decode packets inside
MPLS".
I can match on "mpls" or "mpls ", but then I just get a hex
dump...
11:13:58.765851 MPLS (label 105, exp 0, ttl 254)
(
--- Begin Message ---
Hi,
On Tue, May 05, 2020 at 05:50:40AM -0400, Gert Doering via tcpdump-workers
wrote:
> Now, the two questions:
>
> - is there a switch I'm missing to decode packets-in-MPLS?
> (like, "packets in GRE" get decoded already)
> - if not, is
--- Begin Message ---
Hi,
On Tue, May 05, 2020 at 04:45:04PM +0200, Francois-Xavier Le Bail wrote:
> On 05/05/2020 12:15, Gert Doering via tcpdump-workers wrote:
> > 12:11:46.116238 MPLS (label 105, exp 0, ttl 254) (label 24003, exp 0, [S],
> > ttl 254) IP 10.27.99.2 > 10.2
--- Begin Message ---
Hi,
On Tue, May 05, 2020 at 06:45:27PM +0200, Francois-Xavier Le Bail wrote:
> > Attached as well. Not very smart yet, just does "what I need".
>
> Thanks,
>
> Patch for which tcpdump version?
github checkout, it identifies itself as
tcpdump version 4.10.0-PRE-GIT
(git
--- Begin Message ---
Hi,
On Tue, May 05, 2020 at 07:24:37PM +0200, Francois-Xavier Le Bail wrote:
> Ok, it had DOS line ending format ...
Not when I sent it, but who knows which mailer mangled it in surprising
and fascinating ways on the path...
gert
--
"If was one thing all people took for gr
--- Begin Message ---
Hi,
On Tue, May 05, 2020 at 07:28:28PM +0200, Francois-Xavier Le Bail wrote:
> On 05/05/2020 12:15, Gert Doering via tcpdump-workers wrote:
> > In my case, there is an MPLS control word before the ethernet header
> > (" "), and if I skip that
--- Begin Message ---
Hi,
On Tue, May 05, 2020 at 08:47:04PM +0200, Francois-Xavier Le Bail wrote:
> > So, given that the first 16 bits are "4 bit always 0, and 12 bits
> > reserved-must-be-set-to-0", using these as heuristics for "if two 0-bytes
> > are following the MPLS headers, it's a control
--- Begin Message ---
Hi,
On Thu, May 07, 2020 at 08:20:40AM +0200, Francois-Xavier Le Bail wrote:
> Proposed patch attached.
>
> With new '-T mplsethnocw' option to force 'Ethernet without Control Word'
> decode.
> (from Francesco Fondelli comment)
There's one bug here:
> +
--- Begin Message ---
Hi,
On Wed, May 06, 2020 at 11:54:55PM -0700, Guy Harris wrote:
> OK, so what *shark's MPLS dissector does is:
[..]
> "Looks like a valid Ethernet address" is defined as "the first three octets
> appear in Wireshark's file giving manufacturer names for OUIs". Tcpdump
> *cu
--- Begin Message ---
Hi,
On Thu, May 07, 2020 at 03:39:07AM -0400, Francois-Xavier Le Bail via
tcpdump-workers wrote:
> What if the first nibble is <> de 4, 6, 1, 0, e.g. 'f' like the first f of
> ff:ff:ff:ff:ff:ff ?
This is, as far as I understand, the primary reason why control word
was adde
--- Begin Message ---
Hi,
On Thu, May 07, 2020 at 01:05:19AM -0700, Guy Harris wrote:
> A mechanism where you could do something such as "-T tcp:1073:{protocol}"
> to force traffic to TCP port 1073 to be dissected as the specified
> protocol might be useful; in this case, we'd do something such as
11 matches
Mail list logo
