Wireshark-dev: Re: [Wireshark-dev] hpna 3.0
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 24 Jan 2008 22:52:08 -0800
Bill Fassler wrote:

> Hey guys, I haven't done any Wireshark plugins or anything in quite a while, but am still part of the mailing list...
> Someone just asked me if Wireshark sniffs HPNA 3.0

"Sniffs HPNA 3.0" in what sense?

Wireshark does two things - capture traffic, and dissect and analyze traffic.

The traffic it can capture depends mostly on the capabilities of:

	the hardware it's using to capture;

	the operating system it's running on;

	the driver for the hardware it's using to capture;

	the version of libpcap/WinPcap it's using.

If you want to plug directly into a phone wire or coax cable, without any USB or Ethernet bridge to your HPNA network, and sniff the traffic on that, you will probably need specialized hardware, and, unless that hardware appears to the host as a regular network adapter, you'd probably also need a specialized version of libpcap/WinPcap to talk to that hardware.

If that hardware supplies MAC-layer packets, complete with the 8-bit 
frame type field, you'd then require changes to Wireshark to be able to 
capture those frames, much less dissect them.

If, however, you have a USB HPNA adapter on a personal computer, that 
would probably show up as an Ethernet interface, and if you have a 
HomePNA-to-Ethernet bridge, that would *definitely* be an Ethernet 
interface.  In that case, capturing should probably Just Work, although 
the only frames you'd see would be Ethernet frames.

As for dissection, Wireshark knows nothing about non-Ethernet HPNA 
frames, and I don't see any dissector that handles HPNA link-layer 
control frames (Ethertype 0x886c).  Whether you'd get any of those 
frames with a USB HPNA adapter, or an Ethernet interface plugged into a 
HomePNA-to-Ethernet bridge, is another matter; if not, and that's the 
hardware you have, then it's irrelevant whether Wireshark could dissect 
non-Ethernet HPNA frames or HPNA link-layer control frames, as you won't 
see them - i.e. Wireshark is just capturing on what it thinks is an 
Ethernet.
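
One way to check whether a given adapter or bridge delivers the Ethertype 0x886c frames mentioned above, as an added example that is not part of the original message or of Wireshark's code: the script reads a classic pcap file captured on an Ethernet interface and counts the frames carrying that Ethertype. The function names are hypothetical, and the sample capture is constructed with zero-filled payloads, since the message does not describe the HPNA control frame layout.

```python
import struct

ETHERTYPE_HPNA_LLC = 0x886C    # HPNA link-layer control frames (value from the message)
DLT_EN10MB = 1                 # libpcap link-layer type for Ethernet
VLAN_TAGS = (0x8100, 0x88A8)   # 802.1Q / 802.1ad tags that precede the real Ethertype

def count_hpna_llc(pcap_bytes):
    """Return (ethernet_frames, hpna_llc_frames) for a classic pcap file."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap header")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != DLT_EN10MB:
        raise ValueError("link-layer type %d is not Ethernet" % linktype)
    offset, total, hpna = 24, 0, 0
    while offset + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if len(frame) < caplen or len(frame) < 14:
            continue                      # truncated record or runt frame
        total += 1
        pos = 12                          # Ethertype follows the two 6-byte MACs
        ethertype = struct.unpack("!H", frame[pos:pos + 2])[0]
        while ethertype in VLAN_TAGS and len(frame) >= pos + 6:
            pos += 4                      # skip the 4-byte VLAN tag
            ethertype = struct.unpack("!H", frame[pos:pos + 2])[0]
        if ethertype == ETHERTYPE_HPNA_LLC:
            hpna += 1
    return total, hpna

def build_sample_pcap():
    """Constructed three-frame capture; payloads are zero-filled placeholders."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    macs = bytes.fromhex("020000000002" "020000000001")
    frames = (macs + b"\x08\x00" + bytes(46),                  # IPv4 Ethertype
              macs + b"\x88\x6c" + bytes(46),                  # HPNA LLC Ethertype
              macs + b"\x81\x00\x00\x05\x88\x6c" + bytes(42))  # same, VLAN-tagged
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print("ethernet frames: %d, Ethertype 0x886c: %d" % count_hpna_llc(build_sample_pcap()))
```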