Hello Gerald, >>> Gerald Combs <[EMAIL PROTECTED]> 11/29/07 10:43 AM >>> > Should we change the instances of "bootp" in the BOOTP/DHCP dissector to > "dhcp"? This isn't the first time this has confused someone.
When assisting co-workers with network problems the issue of having to use "bootp" to find the "dhcp" packets is often the first display filter problem they encounter! (The second one is that they have to enter "bootp" in lower case.) ;-) Should we change instances of "bootp" to "dhcp"? I personally don't think so but I _DO_ understand the desire for the change. As Japp pointed out "It's an extension to BOOTP". I believe (but haven't confirmed) that it's simply the presence of bootp option #53 that elevates the frame from a lowly old bootp payload to a dhcp payload. To filter specifically for "dhcp" packets from other types of "bootp" packets I sometimes use a display filter of "bootp.option.type==53". But BOOTP in it's original form is not dead. I'm sure others (like me) have older (perhaps misconfigured) devices that still spew simple bootp requests onto their networks. To filter for these from the legitimate dhcp traffic I use the display filter of "(bootp && !(bootp.option.type==53))". Perhaps this is one of those cases where a "hidden" display filter "dhcp" ==> "bootp.option.type==53" is warranted. But I'm skeptical of the "hidden" filter names for the many reasons discussed in the past. Something I've seen discussed somewhere (perhaps on the wireshark-dev list) was the notion of display filter "macros". The "macro" could be used by the user to augment the filter rules with new (preferred) names for complex filters pieces. That way instead of cutting and pasting snippets of complex filters, one could reference them via their simple "macro" name. I'm sure others have better arguments and ideas (both for and against changing "bootp" to "dhcp"). I hope you find this useful. Jim Young _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
