Wireshark-users: Re: [Wireshark-users] docsis problems
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 02 Dec 2007 14:11:39 -0800
admin2@xxxxxxxxxxxx wrote:

> Does anyone know why (newest version) Wireshark can't handle DOCSIS packets?

It can, but it can't handle a capture on an Ethernet that has both regular Ethernet packets and DOCSIS packets in Ethernet framing, of the sort that Cisco CMTS equipment puts on Ethernets for sniffing, because it has no way to determine whether a packet is real Ethernet or DOCSIS-in-low-level-Ethernet-framing.

That's what the capture you put into bug 2056 has. If you tell Wireshark to interpret all frames as DOCSIS frames, you *can* see some non-encapsulated-Ethernet DOCSIS packets; you also see raw Ethernet packets which appear to be malformed if you try to interpret them as DOCSIS frames.

> When I sniff on my Cisco CMTS, e.g. a DHCP req. from a cable modem, I can only
> see the IP packet from the server.

What were the machines on the Ethernet on which you were sniffing? If the only machines were the Cisco CMTS and the machine running Wireshark, you might want to ask Cisco why, for example, frame 10 of your capture is an Ethernet packet with a DHCP request coming from some type of cable device and frame 11 appears to be that packet forwarded as a DOCSIS packet (and with the UDP checksum added, probably by the Cisco CMTS).

> The rest of the packets are marked with: DOCSIS Mac specific[malformed packet.]

Only the ones that are raw Ethernet packets, rather than DOCSIS packets, are. There are other non-IP packets, including DOCSIS packets not containing Ethernet packets, visible in that capture.