Wireshark · Wireshark-users: [Wireshark-users] Sniffing LACP traffic with wireshark

Wireshark-users: [Wireshark-users] Sniffing LACP traffic with wireshark

From: Kevin Wilson <wkevils@xxxxxxxxx>

Date: Fri, 30 May 2014 18:52:23 +0300

Hello,
I have wireshark-1.10.7-1.
when I sniff LACP (Link Aggregation Control Protocol) traffic, I see "LACP"
in the prtocol column, and the ethertype is 0x8809 (Slow Protocols (IEEE 802.3))

However, I need to sniff LACP traffic also from the command line with tshark
(on Linux).

I see:
tshark -d 0x8809 -i em1
I get this error:
tshark: Parameter "0x8809" doesn't follow the template
"<layer_type>==<selector>,<decode_as_protocol>"
tshark: Unknown layer type -- 0x8809
And when running "tshark -d", which displays the list of all protocols,
I don't see the LACP protocol.

It is strange that with the wireshark GUI client, 0x8009 is recognized as LACP,
while "thsark -d" does not show the LACP.

Please adive, how can I sniff with tshark client with filtering for 0x8009
Ehtertype (LACP). (with -d ethertype==...)

regards,
Kevin

Follow-Ups:
- Re: [Wireshark-users] Sniffing LACP traffic with wireshark
  - From: Jaap Keuter
- Re: [Wireshark-users] Sniffing LACP traffic with wireshark
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] New to Wireshark Application
Next by Date: Re: [Wireshark-users] Sniffing LACP traffic with wireshark
Previous by thread: [Wireshark-users] Wireshark Bluetooth packet capture?
Next by thread: Re: [Wireshark-users] Sniffing LACP traffic with wireshark
Index(es):
- Date
- Thread