> The Grand Unified IPX Filter would be, I think
>
> ether[12:2] <= 1500 && (ether[14:2] == 0xffff ||
> ether[14] == 0xe0) ||
> ether proto 0x8137
Ah, but just like in Physics, where there are four forces, IPX uses four
frame types. There's still Ethernet_SNAP. It's even worse than using
Ethernet_802.3, but I have seen it done.
There's also Token_Ring and Token_SNAP to be considered (as I believe
someone mentioned), although if I recall, Token_Ring is the default. I've
never seen anyone bind IPX to Token_SNAP (which is used for IP and
AppleTalk).
Incidentally, IBM's MSS routers only do IPX 802.3 (properly), so there's
probably more of that out there than one would otherwise guess.
This reminds me. I have a packet capture of some Bay Networks Autotopology
frames. I don't exactly have a dissector for them, but I know enough about
them that perhaps one could be written that simply identifies them for what
they are (llc.oui = 0x00.00.81, for starters).
Anybody interested in helping me write a dissector? I know just enough to
be dangerous. :-)
--J
