Differences between revisions 14 and 15
Revision 14 as of 2006-06-30 07:20:51
Size: 2161
Editor: c-66-41-192-208
Comment:
Revision 15 as of 2008-04-12 17:51:38
Size: 2177
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
NDMP is a protocol to manage network backups for mid and enterprise class environments.[[BR]] NDMP is a protocol to manage network backups for mid and enterprise class environments.<<BR>>
Line 6: Line 6:
NDMP was initially developed by the storage vendor Network Appliance but has since gained popularity in the industry and is now developed jointly by some industry vendors. [[BR]] There are 4 popular versions of NDMP in use today, versions 2, 3, 4 and 5. NDMP was initially developed by the storage vendor Network Appliance but has since gained popularity in the industry and is now developed jointly by some industry vendors. <<BR>> There are 4 popular versions of NDMP in use today, versions 2, 3, 4 and 5.
Line 9: Line 9:
 * ["TCP"]: NDMP always uses ["TCP"] as its transport protocol. The well known TCP port for NDMP traffic is 10000. NDMP uses the same recordmarker as ["ONC-RPC"] to distinguish between PDU bondaries.
 * ["SCSI"]: SCSI is sometimes transported ontop of certain NDMP packets, in particular when the backup application wants to talk directly to the tape library behind the NDMP box.
 * [[TCP]]: NDMP always uses [[TCP]] as its transport protocol. The well known TCP port for NDMP traffic is 10000. NDMP uses the same recordmarker as [[ONC-RPC]] to distinguish between PDU bondaries.
 * [[SCSI]]: SCSI is sometimes transported ontop of certain NDMP packets, in particular when the backup application wants to talk directly to the tape library behind the NDMP box.
Line 12: Line 12:
attachment:C:\ndmp-config-get-auth-attr-reply.png
attachment:ndmp-connect-client-auth-request.png
{{attachment:C:\ndmp-config-get-auth-attr-reply.png}}
{{attachment:ndmp-connect-client-auth-request.png}}
Line 16: Line 16:
The dissector has full support for version 2 of NDMP. This version is also the default version in Wireshark.[[BR]] Wireshark also contains a dissector for the SCSI protocol(s) which allows dissection of the SCSI payload for those NDMP commands that transport raw scsi.[[BR]] Wireshark has limited and very likely incomplete support for the changes in the protocol added after version 2.[[BR]][[BR]] Please help wireshark become better at dissecting NDMP by donating example captures of non- version 2 uses and patches to the sourcecode to implement more of version 3, 4 and 5. The dissector has full support for version 2 of NDMP. This version is also the default version in Wireshark.<<BR>> Wireshark also contains a dissector for the SCSI protocol(s) which allows dissection of the SCSI payload for those NDMP commands that transport raw scsi.<<BR>> Wireshark has limited and very likely incomplete support for the changes in the protocol added after version 2.<<BR>><<BR>> Please help wireshark become better at dissecting NDMP by donating example captures of non- version 2 uses and patches to the sourcecode to implement more of version 3, 4 and 5.
Line 19: Line 19:
See ["NDMP Preferences"]. See [[NDMP_Preferences]].
Line 22: Line 22:
* attachment:SampleCaptures/ndmp.pcap.gz * [[attachment:SampleCaptures/ndmp.pcap.gz]]
Line 24: Line 24:
A complete list of NDMP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/n/ndmp.html display filter reference] A complete list of NDMP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/n/ndmp.html|display filter reference]]
Line 30: Line 30:
You cannot directly filter NDMP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one. You cannot directly filter NDMP protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 33: Line 33:
 * [http://www.ndmp.org NDMP.ORG homepage]  * [[http://www.ndmp.org|NDMP.ORG homepage]]

Network Data Management Protocol (NDMP)

NDMP is a protocol to manage network backups for mid and enterprise class environments.

History

NDMP was initially developed by the storage vendor Network Appliance but has since gained popularity in the industry and is now developed jointly by some industry vendors.
There are 4 popular versions of NDMP in use today, versions 2, 3, 4 and 5.

Protocol dependencies

  • TCP: NDMP always uses TCP as its transport protocol. The well known TCP port for NDMP traffic is 10000. NDMP uses the same recordmarker as ONC-RPC to distinguish between PDU bondaries.

  • SCSI: SCSI is sometimes transported ontop of certain NDMP packets, in particular when the backup application wants to talk directly to the tape library behind the NDMP box.

Example traffic

C:\ndmp-config-get-auth-attr-reply.png ndmp-connect-client-auth-request.png

Wireshark

The dissector has full support for version 2 of NDMP. This version is also the default version in Wireshark.
Wireshark also contains a dissector for the SCSI protocol(s) which allows dissection of the SCSI payload for those NDMP commands that transport raw scsi.
Wireshark has limited and very likely incomplete support for the changes in the protocol added after version 2.

Please help wireshark become better at dissecting NDMP by donating example captures of non- version 2 uses and patches to the sourcecode to implement more of version 3, 4 and 5.

Preference Settings

See NDMP_Preferences.

Example capture file

* SampleCaptures/ndmp.pcap.gz

Display Filter

A complete list of NDMP display filter fields can be found in the display filter reference

  • Show only the NDMP based traffic:
     ndmp 

Capture Filter

You cannot directly filter NDMP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

Discussion

Network_Data_Management_Protocol (last edited 2008-04-12 17:51:38 by localhost)