On Mon, Oct 08, 2001 at 03:03:50PM +0100, Georgios Papadopoulos wrote:
> I was wondering (since live capturing of frame relay packets using the
> libpcap packet driver is dependent on various factors) how feasible is it to
> dissect frame relay packets on sniffer capture files (e.g. capture a trace
> with a hardware analyser such as domino and feed that to ethereal or
> tcpdump) under windows or HP-UX (10.xx or above). How is ethereal able to
> dissect FR from trace files?

By being able to read Sniffer capture files, as well as libpcap files, and so on.

Tcpdump reads only libpcap files, as it uses libpcap to read files, and libpcap (at least currently) reads only libpcap-format files.

Ethereal has its own library for reading capture files, the Wiretap library, which can read a number of formats, including libpcap and Network Associates Sniffer formats.

In order to make Ethereal capable of reading files from a Wandel & Goltermann^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^HActerna Domino, the Ethereal developers would need to know the format of its capture files, either from documentation for the device or from reverse-engineering the format, using capture files of multiple link-layer types (so that we can try to find out where in the capture file, if anywhere, it specifies the link-layer type of the packets in the capture file).

> Looking at the ethereal code a DLT_*type has been defined for FR in the
> wiretap library, how did that value come up?

The Wiretap library doesn't define DLT_ types, it defines WTAP_ENCAP_ types. It does use DLT_ types, but only in the code to read libpcap files. We defined a WTAP_ENCAP_FRELAY type, so that it can handle Sniffer files.
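
An added example, not part of the original message and not code from libpcap or Wiretap: it shows where a libpcap-format file records the link-layer type that the reply refers to, by reading the "network" field of the 24-byte file header in either byte order. The function name, the sample headers (constructed, not from a real capture) and the masking to the low 16 bits are this example's assumptions; 107 is the Frame Relay value in the tcpdump.org link-type registry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC      0xa1b2c3d4u /* classic libpcap, microsecond timestamps */
#define PCAP_MAGIC_NSEC 0xa1b23c4du /* nanosecond-timestamp variant */
#define PCAP_HDR_LEN    24
#define LINKTYPE_FRELAY 107         /* Frame Relay, tcpdump.org link-type registry */

/* Constructed sample headers (not from a real capture): version 2.4,
 * snaplen 65535, link-layer type 107, written little- and big-endian. */
const unsigned char sample_le[PCAP_HDR_LEN] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x6b,0x00,0x00,0x00 };
const unsigned char sample_be[PCAP_HDR_LEN] = {
    0xa1,0xb2,0xc3,0xd4, 0x00,0x02, 0x00,0x04, 0,0,0,0, 0,0,0,0,
    0x00,0x00,0xff,0xff, 0x00,0x00,0x00,0x6b };

static uint32_t rd32(const unsigned char *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Return the link-layer type from a libpcap file header, or -1 if the
 * buffer is truncated or the magic number is not a libpcap one. */
long pcap_linktype(const unsigned char *buf, size_t len)
{
    int big_endian;

    if (buf == NULL || len < PCAP_HDR_LEN)
        return -1;
    /* The writer's byte order is only known from the magic number. */
    if (rd32(buf, 1) == PCAP_MAGIC || rd32(buf, 1) == PCAP_MAGIC_NSEC)
        big_endian = 1;
    else if (rd32(buf, 0) == PCAP_MAGIC || rd32(buf, 0) == PCAP_MAGIC_NSEC)
        big_endian = 0;
    else
        return -1;
    /* Offset 20 is the "network" field; the low 16 bits hold the type. */
    return (long)(rd32(buf + 20, big_endian) & 0xffffu);
}

int main(void)
{
    printf("le=%ld be=%ld frelay=%d\n", pcap_linktype(sample_le, sizeof sample_le),
           pcap_linktype(sample_be, sizeof sample_be), LINKTYPE_FRELAY);
    return 0;
}
```

A reader for another vendor's format needs the equivalent of this one field, which is why captures of several link-layer types are needed to locate it when no documentation is available.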
