First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

how to display IPMB capture files

  • retag add tags

Could I please have progressive instructions to display IPMB. I have tried loading several captures offered on this site and am unable to config Wireshark to recognize the protocol. I have the protocol enabled. I have looked thoroughly, if I missed something I apologize.

jclark's avatar
1
jclark
asked 2019-03-21 13:58:04 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Do you have a link to the captures?

grahamb's avatar grahamb (2019-03-21 14:03:08 +0000) edit
more
  • delete

https://wiki.wireshark.org/SampleCapt...

IPMB ipmb.multi.packets.pcap (libpcap). IPMB interface capture file, include multiple request and response packets.

FYI, there are two bytes proceeding the actual protocol I do not recognize. Perhaps I need to modify the file?

jclark's avatar jclark (2019-03-21 14:12:40 +0000) edit
more
  • delete

I've also tried SampleCaptures/ipmb.ipmb_traced.pcap. This file appears to me to be seen as i2c. I've decoded _both_ files for a couple of messages. The ipmb.ipmb file is "straight up". The first message looks to be an Event Message on the FRU Operational State sensor. All the fields decode out with no extra bytes as with the first file and all the fields are correct. I don't see a lot of "knobs" to play with in the Shark. There's Edit>Preferences>Protocols and Analyze>Enabled Protocols. I've tried all the combinations of different related switches. It seems to be the file itself that makes the difference. The Shark's a great tool for Etherland, I've used it for longer than I'd care to admit. A pointer or two here would be great if anyone has a moment.

jclark's avatar jclark (2019-03-21 21:52:54 +0000) edit
more
  • delete

FYI, there are two bytes proceeding the actual protocol I do not recognize. Perhaps I need to modify the file?

No, you need to run a version of Wireshark built from the tip of the master branch; this change adds support for the link-layer header type in the ipmb.multi.packets.pcap file, including the two extra bytes (the first of which conveys no additional information and the second of which doesn't convey anything explained by anybody).

ipmb.ipmb_traced.pcap has a different link-layer header type that was already supported.

Guy Harris's avatar Guy Harris (2019-03-23 20:33:18 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

Decode instructions as follows...

Analyze/Decode As/

Left click far left had column to select i2c

Right click far right hand column to select IPMB

I don't know if it was my mouse, windoz, or just the app. But it took a heck of a lot of right clicking on that far right column to get the pull down.

I'll try on the linux host next. I am more comfortable there.

jclark's avatar
1
jclark
answered 2019-03-22 15:00:42 +0000, updated 2019-03-22 15:26:36 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Works fine on Linux too. :)

jclark's avatar jclark (2019-03-22 15:42:46 +0000) edit
more
  • delete

But it took a heck of a lot of right clicking on that far right column to get the pull down.

...and you have to tab or click out of it before clicking "Save" or "OK" in order for the change to take effect, at least on macOS.

Guy Harris's avatar Guy Harris (2019-03-23 20:34:41 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer