Differences between revisions 4 and 5
Revision 4 as of 2004-12-19 10:42:59
Size: 2323
Revision 5 as of 2004-12-19 10:49:13
Size: 2323
Comment: fix the filterstring so it is correct
Deletions are marked like this. Additions are marked like this.
Line 39: Line 39:
 NDMP }}}  ndmp }}}

Network Data Management Protocol (NDMP)

NDMP is a protocol to manage network backups for mid and enterprise class environments.BR


NDMP was initially developed by the storage vendor Network Appliance but has since gained popularity in the industry and is now developed jointly by some industry vendors. BR There are 4 popular versions of NDMP in use today, versions 2, 3, 4 and 5.

Protocol dependencies

  • ["TCP"]: NDMP always uses ["TCP"] as its transport protocol. The well known TCP port for NDMP traffic is 10000. NDMP uses the same recordmarker as ONC-RPC to distinguish between PDU bondaries.
  • ["SCSI"]: SCSI is sometimes transported ontop of certain NDMP packets, in particular when the backup application wants to talk directly to the tape library behind the NDMP box.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).


The dissector has full support for version 2 of NDMP. This version is also the default version in Ethereal.BR Ethereal also contains a dissector for the SCSI protocol(s) which allows dissection of the SCSI payload for those NDMP commands that transport raw scsi.BR Ethereal has limited and very likely incomplete support for the changes in the protocol added after version 2.BRBR Please help ethereal become better at dissecting NDMP by donating example captures of non- version 2 uses and patches to the sourcecode to implement more of version 3, 4 and 5.

Preference Settings

See ["NDMP Preferences"].

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of NDMP display filter fields can be found in the [http://www.ethereal.com/docs/dfref/NDMP/NDMP.html display filter reference]

  • Show only the NDMP based traffic:


Capture Filter

You cannot directly filter NDMP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.


Network_Data_Management_Protocol (last edited 2008-04-12 17:51:38 by localhost)