diff options
| author | Guy Harris <guy@alum.mit.edu> | 1998-11-15 05:29:17 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 1998-11-15 05:29:17 +0000 |
| commit | 86bf1fc851b5564f5700a937de3213e8354aa52e (patch) | |
| tree | 46a497072e194a9ed5f20733549362347c4d6eef /wiretap/README | |
| parent | 8efdf8a74c3f0c32a380d15aeed0a3f6aff56a29 (diff) | |
| download | wireshark-86bf1fc851b5564f5700a937de3213e8354aa52e.tar.gz | |
Add support to wiretap for reading Sun "snoop" capture files.
That requires that, in the packet-reading loop, we pass to the callback
routine the offset in the file of a packet's data, because we can no
longer compute that offset by subtracting the size of the captured
packet data from the offset in the file after the data was read -
"snoop" may stick padding in after the packet data to align packet
headers on 4-byte boundaries.
Doing that required that we arrange that we do that for "libpcap"
capture files as well; the cleanest way to do that was to write our own
code for reading "libpcap" capture files, rather than using the
"libpcap" code to do it.
Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c",
as they're not used elsewhere.
If we're using wiretap, don't define in "file.h" stuff used only when
we're not using wiretap.
Update the wiretap README to reflect Gilbert's and my recent changes.
Clean up some memory leaks in "wiretap/lanalyzer.c" and
"wiretap/ngsniffer.c", where the capture-file-format-specific data
wasn't freed if the open failed.
svn path=/trunk/; revision=91
Diffstat (limited to 'wiretap/README')
| -rw-r--r-- | wiretap/README | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/wiretap/README b/wiretap/README index f4c7f2f2a0..980c809330 100644 --- a/wiretap/README +++ b/wiretap/README @@ -1,4 +1,4 @@ -$Id: README,v 1.2 1998/11/12 06:01:17 gram Exp $ +$Id: README,v 1.3 1998/11/15 05:29:05 guy Exp $ Wiretap is a library that is being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. Libpcap is @@ -36,19 +36,15 @@ File Formats Libpcap ------- -Currently the libpcap file format is handled by linking in the pcap library. -Eventualy libpcap will not be linked in with wiretap as to avoid the overhead -of bringing in the libpcap packet capturing and BPF optimizing code. +The "libpcap" file format was determined by reading the "libpcap" code; +wiretap reads the "libpcap" file format with its own code, rather than +using the "libpcap" library's code to read it. Sniffer ------- -The Sniffer format has been deduced by looking at hex dumps of Sniffer trace -files. I have access to many Token-Ring Sniffer trace files, but very few -ethernet Sniffer trace files. I am guessing as to which field in the header -denotes link type. Perhaps I am wrong; perhaps only the file extension (*.enc -vs. *.trc) denotes the link type. If you have a Sniffer trace file which -doesn't work with wiretap, please send it to me. BTW, I have not yet figured -out how packet timestamps are stored in the Sniffer format. +The Sniffer format, at least for Token-Ring, is documented in the +Sniffer manual. Unfortunately, Sniffer manuals tend to document only +the format for the Sniffer model they document. LANalyzer --------- @@ -57,5 +53,9 @@ knowledge base for "Trace File Format". The code in wiretap so far only dumps the packet data; I have yet to decode the timestamp for each packet. At least I have the format for this, so it will be supported soon. +"snoop" +------- +The Solaris 2.x "snoop" program's format is documented in RFC 1761. + Gilbert Ramirez <gram@verdict.uthscsa.edu> |