This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

IPMI packet decode

0

I'm trying to decode an IPMI packet. I presently don't have a means to get the packet into WireShark, because my computer does not yet have a working I2C port, so the packet below came from my logic analyzer.

20 10 D0 EE 00 02 04 F0 00 6F A0 80 C0 CD

This packet was sent by the system processor to the backplane.

If someone could please help me by telling me what the message above means byte-by-byte, I would be very grateful.

asked 22 Sep '16, 13:08

CLinquist's gravatar image

CLinquist
6114
accept rate: 0%

One Answer:

1

Wireshark decodes your payload as follows:

Intelligent Platform Management Bus
    Target Address: 0x20
    Target LUN: 0x00, NetFN: Sensor/Event Request (0x04)
        NetFn: Sensor/Event Request (0x04)
        .... ..00 = Target LUN: 0x0
    Header Checksum: 0xd0 (correct)
    Source Address: 0xee
    Source LUN: 0x00, SeqNo: 0x00
        .... ..00 = Source LUN: 0x0
        0000 00.. = Sequence Number: 0x00
    Command: Platform Event (0x02)
    Data
        Event Message Revision: IPMI 1.5+ (0x04)
        Sensor Type: Hot Swap (ATCA) (0xf0)
        Sensor #: 0
        Event Dir/Type: 0x6f
            0... .... = Event Direction: Assertion event
            .110 1111 = Event/Reading type: Sensor-specific (0x6f)
        Event Data 1: 0xa0
            10.. .... = Byte 2: OEM code (0x02)
            ..10 .... = Byte 3: OEM code (0x02)
            .... 0000 = Offset: M0 - FRU Not Installed (0x00)
        Previous state/Cause
            1000 .... = Cause: Invalid Hardware Address Detected (0x8)
            .... 0000 = Previous state: M0 - FRU Not Installed (0x00)
        FRU Id: 192
    Data checksum: 0xcd (correct)

answered 22 Sep '16, 13:23

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

Amazing, fantastic, and THANKS!

BTW: Where can I get the decoder for IPMI? My version seems to only handle Ethernet.

(22 Sep '16, 15:41) CLinquist

The decoder is part of the standard distribution of Wireshark, you just need to know how to feed Wireshark with your messages and tell it how to dissect them.

One way (there may be others I don't know about) is the following:

Prepend your data with a single 0 followed by a space, so you'll get 0 20 10 D0 EE 00 02 04 F0 00 6F A0 80 C0 CD and save the result to a text file with a blank line after it.

Then, use File -> Import from Hex Dump in Wireshark to import the file, choosing Encapsulation Type User0 (or any other UserX one if you already use User0 for any other purpose), and the No Dummy Header option.

Then, in the packet dissection pane, right-click the yellow line saying User encapsulation not handled..., choose Protocol Preferences->Encapsulations Table, and insert a new line into the table - choose UserX depending on which encapsulation you have indicated above for the DLT column, and write ipmi to the Protocol column.

This way you tell Wireshark to start dissecting the imported frame as IPMI data with no lower layer.

More details regarding import from hex dump are in the documentation. The graphical layout of the import window is a bit outdated there but the principle is described properly.

(23 Sep '16, 00:44) sindy