Wireshark mailing list archives
Re: Displaying Cisco Cable Monitor and Intercept Traffic
From: Martin Dubuc <martind1111 () gmail com>
Date: Thu, 26 Aug 2010 07:27:08 -0400
The cable intercept traffic uses Ethernet without FCS. With the Ethernet without FCS dissector, I am able to decode the traffic appropriately.

Martin

On Wed, Aug 25, 2010 at 10:24 PM, Guy Harris <guy () alum mit edu> wrote:

> On Aug 25, 2010, at 6:37 AM, Martin Dubuc wrote:
>
>> I would like to display traffic coming out of a Cisco CMTS LAN analyzer port in Wireshark. This traffic is the result of configuring the CMTS with the cable monitor and intercept commands. The cable intercept command is used to capture all traffic that originates/terminates to a specific MAC address.
>
> OK, so this is "cable intercept" rather than "cable monitor". All the DOCSIS stuff in libpcap/WinPcap and Wireshark is for "cable monitor".
>
>> I am surprised that Wireshark is not able to decode the second part, the end-user traffic.
>
> Wireshark doesn't know about "cable intercept" packets. The Cisco documentation at http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_cmon.html says the UDP port number is user-specified, so we need something such as Decode As to specify the port.
>
> Does the encapsulated Ethernet packet have the FCS? (I suspect not, as "cable intercept" appears to be intended for wiretapping; I doubt the police care about the FCS of your Ethernet packets.) If not, then the encapsulated packets should be dissected by the "Ethernet, without FCS" dissector.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
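
Added example, not part of the original thread or of Wireshark's code: a Python illustration of what choosing "Ethernet, without FCS" means for the UDP payload of an intercept datagram. It assumes, as the thread concludes, that the payload is the raw Ethernet frame starting at offset 0; the sample frame, MAC addresses and IP addresses are constructed.

```python
import ipaddress
import struct
import zlib

def has_valid_fcs(frame: bytes) -> bool:
    """True if the last 4 bytes are the Ethernet CRC-32 of everything before them."""
    return len(frame) >= 18 and frame[-4:] == struct.pack("<I", zlib.crc32(frame[:-4]))

def append_fcs(frame: bytes) -> bytes:
    """Append the FCS that a capture taken 'with FCS' would carry (for comparison)."""
    return frame + struct.pack("<I", zlib.crc32(frame))

def dissect_eth_without_fcs(payload: bytes) -> dict:
    """Treat a UDP payload as an Ethernet frame that carries no trailing FCS."""
    if len(payload) < 14:
        raise ValueError("payload shorter than an Ethernet header")
    ethertype = struct.unpack("!H", payload[12:14])[0]
    out = {
        "dst": payload[0:6].hex(":"),
        "src": payload[6:12].hex(":"),
        "ethertype": ethertype,
    }
    if ethertype == 0x0800 and len(payload) >= 34:  # IPv4 with a full 20-byte header
        ip = payload[14:]
        total_len = struct.unpack("!H", ip[2:4])[0]
        out["ip_src"] = str(ipaddress.IPv4Address(ip[12:16]))
        out["ip_dst"] = str(ipaddress.IPv4Address(ip[16:20]))
        # Bytes left after the IP datagram: 0 for a bare frame, 4 if an FCS was kept
        # (Ethernet padding on short frames would also show up here).
        out["trailer_len"] = len(ip) - total_len
    return out

def build_sample_payload() -> bytes:
    """Constructed inner frame: Ethernet + IPv4 + UDP header, no FCS."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.20").packed)
    udp = struct.pack("!HHHH", 1234, 5678, 8, 0)
    return eth + ip + udp

SAMPLE_PAYLOAD = build_sample_payload()

if __name__ == "__main__":
    print(dissect_eth_without_fcs(SAMPLE_PAYLOAD))
    print("FCS present:", has_valid_fcs(SAMPLE_PAYLOAD))
```
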