What is the technical reason why DDP AppleTalk doesn't work with WiFi?

[theirongiant]

Since we're on the topic of AppleTalk / DDP, I have been doing some Wireshark captures from said virtual router to get a better understanding of AppleTalk. The packets are just raw data on UDP port 387 (port resolves as "aurp").

It appears, at first glance, that Wireshark supports interpreting AppleTalk: it includes "dissectors" for ATP and DDP. However, they don't appear in the list of "decoders," and I can't figure out how to get Wireshark to dissect or translate these packets.

My Wireshark is the latest version (4.6.4).

Is there a dissector or translator missing? Or is its support for ATP limited to analysis of AppleTalk traffic over TCP?

 

[NJRoadfan]

On the mail interface selection screen use filter "atalk" for all DDP packets. I generally set this as "atalk or aarp" to get all startup traffic. Once sniffing, you can use "afp","asp","atp","aarp", and "pap" to isolate specific protocols as well. Wireshark does not have dissectors for MacIP (TCP/IP encapsulated by AppleTalk).

AURP is the AppleTalk-over-TCP/IP tunneling protocol used to run GlobalTalk. WireShark may not properly decode these packets either, although it shouldn't be hard to add as its just another layer on top of the existing dissectors.

 

[theirongiant]

Well as it turns out, AppleTalk CAN be decoded neatly in Wireshark. Someone wrote a LUA plugin for it about two years ago. A guy named Jaap Keuter happened to be hanging out on the Wikipedia Discord and knew exactly what I needed:

GitHub - bytex64/aurp-dissector: A Lua Wireshark dissector for the AppleTalk Update-Based Routing Protocol

A Lua Wireshark dissector for the AppleTalk Update-Based Routing Protocol - bytex64/aurp-dissector

github.com

 

[shirsch]

I suspect my Wifi access point (Archer AX5400) does not properly handle DDP packets. I am able to connect to an appletalk server with zuluscsi, but the connection does not persist over reboot and no zones are visible. Does this make sense in the context of improperly handled DDP?

 

[NJRoadfan]

If you can see servers and connect to them, AARP should be working, which is what is usually mishandled by the WiFi access point. There may be other issues with multicast not working, which would screw with things like RTMP and ZIP packets. Does your ZuluSCSI machine properly acquire a node number in the correct network, or does it stay in the startup range?

If your router has a setting like "IGMP Proxy" and/or "IGMP snooping", try turning it off.

To confirm your WiFi bridge is working right, fire up Wireshark on Ethernet and filter for AARP packets. If the AARP packets from the ZuluSCSI machine come in as Ethernet II frames, your router is busted. They should be 802.3 SNAP frames.