Could I please have progressive instructions to display IPMB. I have tried loading several captures offered on this site and am unable to config Wireshark to recognize the protocol. I have the protocol enabled. I have looked thoroughly, if I missed something I apologize.
Decode instructions as follows...
Analyze/Decode As/
Left click far left had column to select i2c
Right click far right hand column to select IPMB
I don't know if it was my mouse, windoz, or just the app. But it took a heck of a lot of right clicking on that far right column to get the pull down.
I'll try on the linux host next. I am more comfortable there.
But it took a heck of a lot of right clicking on that far right column to get the pull down.
...and you have to tab or click out of it before clicking "Save" or "OK" in order for the change to take effect, at least on macOS.
Asked: 2019-03-21 13:58:04 +0000
Seen: 411 times
Last updated: Mar 22 '19
Do you have a link to the captures?
https://wiki.wireshark.org/SampleCapt...
IPMB ipmb.multi.packets.pcap (libpcap). IPMB interface capture file, include multiple request and response packets.
FYI, there are two bytes proceeding the actual protocol I do not recognize. Perhaps I need to modify the file?
I've also tried SampleCaptures/ipmb.ipmb_traced.pcap. This file appears to me to be seen as i2c. I've decoded _both_ files for a couple of messages. The ipmb.ipmb file is "straight up". The first message looks to be an Event Message on the FRU Operational State sensor. All the fields decode out with no extra bytes as with the first file and all the fields are correct. I don't see a lot of "knobs" to play with in the Shark. There's Edit>Preferences>Protocols and Analyze>Enabled Protocols. I've tried all the combinations of different related switches. It seems to be the file itself that makes the difference. The Shark's a great tool for Etherland, I've used it for longer than I'd care to admit. A pointer or two here would be great if anyone has a moment.
No, you need to run a version of Wireshark built from the tip of the master branch; this change adds support for the link-layer header type in the ipmb.multi.packets.pcap file, including the two extra bytes (the first of which conveys no additional information and the second of which doesn't convey anything explained by anybody).
ipmb.ipmb_traced.pcap has a different link-layer header type that was already supported.