On Tue, 8 Apr 2003, Guy Harris wrote: > On Tue, Apr 08, 2003 at 10:12:26PM +0530, Jambunathan Kalyanasundaram wrote: > > I am new to Ethereal and I would like to know > > whether it is possible to do Layer-3 and above > > logging using Ethereal. > > > > ie Can I log packets and read those captured > > packets without having a MAC Ethernet header. > > Yes, but you'd need to have some form of possibly-fake link-layer > header, containing, at minimum, some form of packet type indication, > unless all your traffic is IP traffic (which, as you're mentioning > Netware, I suspect it will *not* be). > > > Mainly I am interested in having Ethereal on > > NetWare. Strangely enough NetWare doesn't provide > > any mechanisms to see the MAC Header of a > > transmitted packet. > > What information *does* it let you see? Can you, for example, get a > packet type (IPv4, IPv6, ARP, IPX, etc.)? > > > Also is there an Netware port of Ethereal or > > do you know of anyone working on a possible port. > > I know of no port and I know of nobodoy working on a port.
The wiretap support I added for Cisco Secure IDS did not have any mac layer information and you could use that as a sample to get this working. I did however know that all packets would be IP. You wil need to know what type of packet it is to get the disectors working correctly. --Mike Mike Hall [EMAIL PROTECTED]
