| | | |
|---|---|---|
| author | Gilbert Ramirez <gram@alumni.rice.edu> | 1999-01-02 06:10:55 +0000 |
| committer | Gilbert Ramirez <gram@alumni.rice.edu> | 1999-01-02 06:10:55 +0000 |
| commit | 3688d96c459a5847a49d14264c0398600379f8b9 (patch) | |
| tree | f87737491cb959697c6414b4ea1745e7528c1acc /wiretap/README | |
| parent | d1a7effcf97733edfac7ea145cccddc1032cbf6f (diff) | |
| download | wireshark-3688d96c459a5847a49d14264c0398600379f8b9.tar.gz | |
Added the iptrace (AIX's packet-capture tool) file format to wiretap.
This necessitated a change in ethereal because iptrace supports multi-NIC
packet capturing, including multi-datalink-type capturing.
svn path=/trunk/; revision=145
Diffstat (limited to 'wiretap/README')
-rw-r--r-- | wiretap/README | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/wiretap/README b/wiretap/README index cfe0168720..f9071b0d4e 100644 --- a/wiretap/README +++ b/wiretap/README @@ -1,4 +1,4 @@ -$Id: README,v 1.4 1998/11/21 05:08:39 gram Exp $ +$Id: README,v 1.5 1999/01/02 06:10:55 gram Exp $ Wiretap is a library that is being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. Libpcap is @@ -27,6 +27,10 @@ LAN's firewall. 5. I want to look into the possibility of compressing packet data when saved to a file, like Sniffer. +6. The packet-filter can be optimized for the host OS. Not all OSes have BPF; +SunOS has NIT and Solaris has DLPI, which both use the CMU/Stanford +packet-filter psuedomachine. RMON has another type of packet-filter syntax +which we could support. Currently, only #2 is available. Wiretap doesn't even do any filtering yet. It can only be used to read packet capture files. 
@@ -42,23 +46,33 @@ using the "libpcap" library's code to read it. Sniffer (uncompressed) ------- -The Sniffer format, at least for Token-Ring, is documented in the -Sniffer manual. Unfortunately, Sniffer manuals tend to document only -the format for the Sniffer model they document. Ethernet seems to work well, -though. If you have an ATM Sniffer file, both Guy and I would be *very* +The Sniffer format is documented in the Sniffer manual. Unfortunately, +Sniffer manuals tend to document only the format for the Sniffer model +they document. Token-Ring and ethernet seems to work well, though. +If you have an ATM Sniffer file, both Guy and I would be *very* interested in receiving a sample. (see 'AUTHORS' file for our e-mail -addresses) +addresses). When using LANE, the ATM Sniffer appears to record the emulated +LAN information; that is, only the ethernet or token-ring information is +stored in the trace file, not any information about ATM cells. LANalyzer --------- The LANalyzer format is available from http://www.novell.com. Search their -knowledge base for "Trace File Format". The code in wiretap so far only dumps -the packet data; I have yet to decode the timestamp for each packet. At least -I have the format for this, so it will be supported soon. +knowledge base for "Trace File Format". "snoop" ------- The Solaris 2.x "snoop" program's format is documented in RFC 1761. +"iptrace" +--------- +This is the capture program that comes with AIX 3.x and 4.x. It has an +undocumented, yet very simple, file format. The interesting thing about +iptrace is that it will record packets coming in from all network interfaces; +a single iptrace file can contain multiple datalink types. I have tested +iptrace on ethernet and token-ring; if you can provide an iptrace file with +any other datalink type, I would appreciate a copy. (with the output from +'ipreport' too, if possible). + Gilbert Ramirez <gram@verdict.uthscsa.edu> |
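Review bot: in the `@@ -27,6 +27,10 @@` hunk, the new item 6 misspells "pseudomachine" as "psuedomachine"; while touching that line, it would also help readers to say explicitly that BPF, NIT and DLPI are kernel-side capture interfaces, so the sentence reads as "Not all OSes have BPF; SunOS has NIT and Solaris has DLPI, which both use the CMU/Stanford packet-filter pseudomachine."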
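Review bot: the new "iptrace" section in the `@@ -42,23 +46,33 @@` hunk says a single file can contain multiple datalink types, and the commit message says ethereal had to change because of this, but the README never states how wiretap exposes the per-packet datalink type to callers (a per-file type is no longer sufficient); a sentence on that contract would save readers of this file a trip into the source. Two smaller points in the same hunk: "Token-Ring and ethernet seems to work well" should read "seem", and the LANalyzer paragraph silently drops the old note that timestamps were not yet decoded, so if timestamps are now decoded it is worth saying so rather than leaving the status unstated.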