Packet Analysis – Nigel’s Networking Nuggets

Dice Update

After updating our 6500 switches with SUP2T supervisors and with some Nexus switches on the way, I decided to play around with ERSPAN. Being able to capture traffic from a remote data centre directly to my workstation is very useful so I took the opportunity to update Dice to correctly format ERSPAN packets.

When the ERSPAN capture is sent directly to the host running the packet capture software, the captured data is encapsulated within GRE and an ERSPAN header as above. I thought it would be useful to be able to extract the original frames from the capture so added this option as well. When you save a capture you can now request that ERSPAN captures are extracted. For example, the frame above becomes:

Dice updated to version 3.0.22

I have just updated my free Windows packet capture and analysis tool to version 3.0.22. The updates include:

Support for the openflow protocol
Updates for the protocols 802.11,DNS and LISP
Minor other changes and bug fixes

The support for the openflow protocol is somewhat incomplete and only supports version 1.0 due to the lack of suitable captures to test with. I hope to improve the support in future updates.

Dice updated to version 3.0.15

I have just updated my packet capture and display tool to version 3.0.15. The updates include:

New protocol LISP
Updated protocols: DIAMETER, SMB2
Improved support for reading pcapng files
Comments in pcapng files are displayed

Update of Dice Network Capture and Analysis Tool

I have just uploaded Dice version 3.0.14 to my website. The update adds support for the Diameter protocol and makes minor tweaks to the ICMP and RADIUS protocols.

Dice update

I have just updated Dice to version 3.0.13. The main changes are updates to the IS-IS protocol to format additional extensions used by TRILL.

Dice is a Windows program that can capture and display network frames. It is available from here and is free.