Re: [Wireshark-dev] ATM support in Wireshark

[Guy Harris]

On Jul 15, 2008, at 11:09 PM, Munish Dayal wrote:
Is there support for capturing and dissecting ATM traffic in  
Wireshark ?
Particularly for direct ATM traffic, for example ATM -> AAL2/AAL5  - 
> SSCOP/FP/other protocols.

Yes...

...but, on Linux, you can only do it with a DAG card from Endace.

I saw packet-atm.c, but I think it has support for LANE only (LAN  
emulation over ATM).

No.  It also handles LLC-multiplexed AAL5 traffic, ILMI traffic, and Q. 
2931 traffic, for example.

How does the current packet-atm.c work?

It either uses information supplied in the capture file to determine  
the traffic type, uses the VPI/VCI of the traffic, or uses some  
heuristics.

What sort of capture file does it require?

Direct ATM traffic can be read from:

        text output files from Catapult DCT2000 test equipment:

                http://www.catapult.com/products/dct2000.htm

	files from the EyeSDN devices (they don't talk about ATM on their  
site in any obvious place, but code was contributed to handle ATM in  
their files, so perhaps they did at one point):

                http://www.innoventif.com/

        files from IBM's iptrace utility on AIX;

        captures from some Tektronix K12 and K15 devices;

	SunATM captures, whether in libpcap format (done with tcpdump,  
Wireshark, etc.) or snoop format (done with snoop);

	captures done with Endace cards, whether in libpcap format (done with  
tcpdump, Wireshark, etc.) or ERF format (done with, I think, some  
software Endace offers);

        Microsoft Network Monitor 2.x ATM captures;

	ATM captures from Network General^W^WNetwork Associates^W^WNetwork  
General Sniffers;

	captures from Visual Networks UpTime Select (they're now owned by  
Fluke; I don't know whether that's still available).


Another question is regarding CLIP (classical IP over ATM). How does  
Wireshark/dumpcap captures CLIP traffic ?

It captures on a network adapter that implements CLIP.

Does ATM dissector come into picture here ?

No.  Those adapters don't supply raw ATM packets._______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev