Ethereal-users: [Ethereal-users] How do I recover IGMP Multicast address (using igmp.maddr does
Title: Message
I'm using tethereal and the -z proto,colinfo option
to try and capture the relevant IGMP info:
As per http://www.ethereal.com/docs/dfref/i/igmp.html:
igmp.type
igmp.resp_time
igmp.??????? multicast
address as displayed in Ethereal when looking at IGMP info……
In the DVMRP information (http://www.ethereal.com/docs/dfref/d/dvmrp.html) one can find the following igmp entries:
igmp.daddr
IPv4 address Dest Addr 0.9.0 to 0.10.3
igmp.maddr
IPv4 address Multicast Addr 0.9.0 to 0.10.3
igmp.naddr
IPv4 address Neighbor Addr 0.9.0 to
0.9.4 Note old version!
igmp.neighbor
IPv4 address Neighbor Addr 0.9.0 to 0.10.3
igmp.netmask IPv4 address
Netmask 0.9.0 to 0.10.3
igmp.saddr IPv4 address Source
Addr 0.9.0 to 0.10.3
igmp.maddr seems to correspond
to the entry I want, i.e. the Multicast address as correctly displayed for IGMP
messages in the Ethereal window.
Unfortunately using the display
filter in Ethereal (igmp.maddr) shows no IGMP packets. The entry is
accepted ie green, but no packets are shown.
Using tethereal :
tethereal -f "igmp" -z
proto,colinfo,igmp.maddr,igmp.maddr
gives no output…….the normal
packet info and colinfo message is displayed, but not igmp.maddr == "Multicast
address"
I've tried all the other igmp
entries that have addresses in them, to no avail.
Using this approach for
igmp.type works as expected, as does igmp.resp_time.
If anyone has any ideas, has
had the same problem or has seen it work, please let me know.
The only workaround I can see
is using the -x option ie printing the hex and ascii dump (the verbose -V option
could also be used but gives lots more data).
Running Ethereal 0.10.3 and WinPcap3.0
on Windows XP Professional.
Thanks for any help,
David Castleford