On Thu, Nov 21, 2002 at 06:32:30PM -0700, Robert Styma wrote:
>    I discovered your email in the manual page for tcpdump.  Linux 
> tcpdump and Sun Solaris snoop seem to have a common ancestor.

It may seem that way, but if there is such an ancestor, it's Sun's
etherfind, and neither tcpdump nor snoop much resemble that - I don't
think it even *had* a save file format, as it had no option to save
captured packets in raw binary form (raw hex, yes; raw binary, no):

        http://www.cs.rit.edu/~hpb/Man/_Man_SunOS_4.1.3_html/html8/etherfind.8c.html

> I have been unable to discover any way to read a dump captured with
> Sun Solaris snoop (snoop -r -o file) using tcpdump -n -v -r file
> Is there a way to accomplish this?

1) get Ethereal, and use its editcap program to convert the snoop file
   to a tcpdump file.

2) modify libpcap to read snoop files as well as tcpdump files (which
   can't be done the same way it's done with Ethereal - Ethereal, when
   checking for types of capture files seeks backwards to the beginning
   of the file and starts re-reading it for each new file type, but
   libpcap has to be able to read from a pipe and can't seek backward).

I think I still have some code to do 2), but I don't seem to have it
here at home, so I can't supply it now (and probably won't be able to do
so until Monday at the earliest).  If people think it's a reasonable
thing to add to libpcap, I could check it in once the CVS server is
available again.

I'd suggest looking into 1) - Ethereal should run on any modern Linux
distribution, and also runs on Solaris (just as tcpdump does - tcpdump
isn't a Linux-specific program; it was originally developed for, I
think, BSD and SunOS).  See

        http://www.ethereal.com/

or check whether it's installed on your ISP's Linux boxes already or
came with their Linux distribution - if not, you could download and
build it on your Solaris boxes, although you'd have to download and
install GLib as well (and GTK+, if you want Ethereal itself).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
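
The constraint in option 2 of the reply above (the file type has to be identified while reading from a pipe, with no seeking backward), shown as an added example; this is not libpcap's or Ethereal's code and not part of the original message. The names `sniff_format`, `struct sniffed` and `pipe_from_bytes` are hypothetical; the values compared are the pcap magic number 0xa1b2c3d4 in either byte order and snoop's 8-byte `snoop\0\0\0` identifier.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum cap_format { CAP_UNKNOWN, CAP_PCAP_BE, CAP_PCAP_LE, CAP_SNOOP };
/* Bytes consumed while sniffing; the chosen reader continues from these. */
struct sniffed { unsigned char head[8]; size_t len; };

/* Read up to n bytes, retrying on short reads (normal for pipes). */
static size_t read_full(int fd, unsigned char *buf, size_t n)
{
    size_t got = 0; ssize_t r;
    while (got < n && (r = read(fd, buf + got, n - got)) > 0)
        got += (size_t)r;
    return got;                      /* short count on EOF or error */
}

/* One forward read of 8 bytes decides the format; nothing is re-read. */
enum cap_format sniff_format(int fd, struct sniffed *s)
{
    s->len = read_full(fd, s->head, sizeof s->head);
    if (s->len == 8 && memcmp(s->head, "snoop\0\0", 8) == 0) return CAP_SNOOP;
    if (s->len >= 4 && memcmp(s->head, "\xa1\xb2\xc3\xd4", 4) == 0) return CAP_PCAP_BE;
    if (s->len >= 4 && memcmp(s->head, "\xd4\xc3\xb2\xa1", 4) == 0) return CAP_PCAP_LE;
    return CAP_UNKNOWN;              /* truncated or unrecognised input */
}

/* Constructed input: push bytes through a pipe, which cannot seek. */
int pipe_from_bytes(const void *buf, size_t n)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    ssize_t w = write(fds[1], buf, n);
    close(fds[1]);
    if (w != (ssize_t)n) { close(fds[0]); return -1; }
    return fds[0];
}

int main(void)
{
    /* Constructed header: snoop ident, version 2, datalink 4 (Ethernet). */
    static const unsigned char hdr[16] = { 's','n','o','o','p',0,0,0, 0,0,0,2, 0,0,0,4 };
    struct sniffed s;
    int fd = pipe_from_bytes(hdr, sizeof hdr);
    int can_seek = fd >= 0 && lseek(fd, 0, SEEK_SET) != -1;
    enum cap_format f = sniff_format(fd, &s);
    printf("seekable=%d format=%d consumed=%zu\n", can_seek, (int)f, s.len);
    return f == CAP_SNOOP ? 0 : 1;
}
```

The 8 bytes left in `head` are what a format-specific reader would parse first, which is how the rewind is avoided.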