Problem with capturing DHCP Faillover (DHCPFO) Protocol and the OMAPI Protocol

[Jürgen Dietl <juergen.dietl () googlemail com>]

Hello,

I did a capture on the DHCP-Server. Because our DHCP runs on port 520 i
changed this in the preferences of the dhcpfo protocol.

I can decode the following message types.

3  = Binding Update
4  = Binding Acknowledge
5  = Connect
6  = Connect Acknowledge
7  = Update Request All
8  = Update Done
10 = State

When I now make a display filter with !dhcpfo.type==5 and !dhcpfo.type==4
.....

so that I filter out all this types I still have messages on port 520 that
can only be seen as "efs tcp dst port 520" with a source port not well known
(greater than 1024).

I am looking for the recovery-wait and. recovery-done etc. I assume that the
missing packets must be there. But wireshark do not decode this packet with
a DHCP Failover Header. Instead all the information is in data in the TCP
Header which then is difficult to decode.

Is there a way to decode also the rest?

I am also looking for the name of the OMAPI Protocol for changing the port
in preferences. It is in the supported protocol list as "OMAPI ISC Object
Management API" but I cant find any of these words.

Thanx a lot,
cheers,
Juergen

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe