
I am using Wireshark to look at DDP/RDMA packets, which usually works fine. Sometimes Wireshark can't recognize that the next protocol after TCP is DDP/RDMA (although I know it is), so I tried using "decode as" but there is no option for DDP/RDMA in there.

Is there a way to force Wireshark to parse the packet as DDP/RDMA?

Thanks!

  • Possible dupe of [this one](http://stackoverflow.com/q/18936051/5583153) – Nacho Mar 17 '16 at 15:53
  • As I said, I already tried using "decode as" but for some reason there is no option for DDP/RDMA in there. Do you know what might cause this? Thanks – user5165960 Mar 17 '16 at 16:21
  • If you read the accepted answer it says what you might need to do. "If you want to decode some custom-made protocol, you'll have to get or compile a dissector, which can be quite troublesome..." Custom made being a protocol which has no option under "decode as" in this case. – Nacho Mar 17 '16 at 16:30
  • That means that although Wireshark knows how to parse these packets when it recognizes this protocol by itself, there is no simple way to tell it to parse those packets as DDP/RDMA if it didn't recognize this protocol by itself? – user5165960 Mar 17 '16 at 16:45

1 Answer

> Is there a way to force Wireshark to parse the packet as DDP/RDMA?

The dissector for iWARP DDP/RDMA, if that's what you're referring to, is a "heuristic" dissector, which means that 1) it looks at otherwise-undissected TCP packets and tries to guess whether they're packets for it and 2) it doesn't have a "force this" option.

You should submit a bug to the Wireshark Bugzilla saying that Wireshark isn't recognizing the traffic as DDP/RDMA, and attach a sample capture.
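To illustrate what a heuristic check of this kind has to work with, here is an added example (not part of the answer above and not Wireshark's own dissector code) that recognizes the MPA Request/Reply frames that open an iWARP connection, using the field layout from RFC 5044. The function name `classify_mpa_setup` and the sample payloads are hypothetical and constructed for the example.

```python
import struct

# Fixed 16-byte keys that open MPA connection setup frames (RFC 5044, section 7.1.1).
MPA_REQ_KEY = b"MPA ID Req Frame"
MPA_REP_KEY = b"MPA ID Rep Frame"
MPA_HDR_LEN = 20  # key (16) + flags (1) + revision (1) + PD_Length (2)


def classify_mpa_setup(payload: bytes):
    """Heuristically decide whether a TCP payload is an MPA Request/Reply frame.

    Returns a dict of parsed fields, or None when the payload does not match.
    """
    if len(payload) < MPA_HDR_LEN:
        return None
    key = payload[:16]
    if key == MPA_REQ_KEY:
        kind = "request"
    elif key == MPA_REP_KEY:
        kind = "reply"
    else:
        return None  # nothing recognizable: a heuristic has to give up here
    flags, rev, pd_len = struct.unpack("!BBH", payload[16:20])
    # Private data must fit in the bytes actually present in this payload.
    if pd_len > len(payload) - MPA_HDR_LEN:
        return None
    return {
        "kind": kind,
        "markers": bool(flags & 0x80),   # M bit
        "crc": bool(flags & 0x40),       # C bit
        "rejected": bool(flags & 0x20),  # R bit
        "revision": rev,
        "private_data": payload[20:20 + pd_len],
    }


# Constructed sample payloads (not taken from a real capture).
SAMPLE_REQUEST = MPA_REQ_KEY + bytes([0xC0, 0x01]) + struct.pack("!H", 4) + b"\x00\x01\x02\x03"
SAMPLE_MIDSTREAM = struct.pack("!H", 8) + b"\x00" * 14 + b"\xde\xad\xbe\xef" * 2
SAMPLE_TRUNCATED = MPA_REP_KEY + bytes([0x40, 0x01]) + struct.pack("!H", 64)

if __name__ == "__main__":
    for name, data in [("request", SAMPLE_REQUEST),
                       ("midstream", SAMPLE_MIDSTREAM),
                       ("truncated", SAMPLE_TRUNCATED)]:
        print(name, classify_mpa_setup(data))
```

A payload that does not begin with one of the two keys, like the constructed mid-stream sample, gives this check nothing to match on and is left unclassified.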