NDMP is a protocol to manage network backups for mid and enterprise class environments.
NDMP was initially developed by the storage vendor Network Appliance but has since gained popularity in the industry and is now developed jointly by some industry vendors.
There are 4 popular versions of NDMP in use today, versions 2, 3, 4 and 5.
SCSI: SCSI is sometimes transported ontop of certain NDMP packets, in particular when the backup application wants to talk directly to the tape library behind the NDMP box.
The dissector has full support for version 2 of NDMP. This version is also the default version in Wireshark.
Wireshark also contains a dissector for the SCSI protocol(s) which allows dissection of the SCSI payload for those NDMP commands that transport raw scsi.
Wireshark has limited and very likely incomplete support for the changes in the protocol added after version 2.
Please help wireshark become better at dissecting NDMP by donating example captures of non- version 2 uses and patches to the sourcecode to implement more of version 3, 4 and 5.
A complete list of NDMP display filter fields can be found in the display filter reference
Show only the NDMP based traffic:
You cannot directly filter NDMP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Imported from https://wiki.wireshark.org/Network_Data_Management_Protocol on 2020-08-11 23:17:21 UTC