author Gilbert Ramirez <gram@alumni.rice.edu> 1998-11-12 06:01:27 +0000
committer Gilbert Ramirez <gram@alumni.rice.edu> 1998-11-12 06:01:27 +0000
commit c0f191e9e0c2d49564e42a23cfcd6a391569892c (patch)
tree b5635327a52f09fe041a808311d39e8bde8b3def /wiretap/README
parent fcb4c78a6a01d22f0db9d6de870342511030cb01 (diff)
I added the LANalyzer file format to wiretap. I cleaned up some code in the
wiretap functions to be more generic and therefore allow an easier integration of more packet-capture file types. I also put in all the GPL copyrights in the wiretap code.

svn path=/trunk/; revision=83
Diffstat (limited to 'wiretap/README')
-rw-r--r-- wiretap/README 31
1 files changed, 31 insertions, 0 deletions
diff --git a/wiretap/README b/wiretap/README
index 82e1aad7db..f4c7f2f2a0 100644
--- a/wiretap/README
+++ b/wiretap/README
@@ -1,3 +1,5 @@
+$Id: README,v 1.2 1998/11/12 06:01:17 gram Exp $
+
Wiretap is a library that is being developed as a future replacement for
libpcap, the current standard Unix library for packet capturing. Libpcap is
great in that it is very platform independent and has a wonderful BPF
@@ -28,3 +30,32 @@ to a file, like Sniffer.
Currently, only #2 is available. Wiretap doesn't even do any filtering yet. It
can only be used to read packet capture files.
+
+File Formats
+============
+
+Libpcap
+-------
+Currently the libpcap file format is handled by linking in the pcap library.
+Eventualy libpcap will not be linked in with wiretap as to avoid the overhead
+of bringing in the libpcap packet capturing and BPF optimizing code.
+
+Sniffer
+-------
+The Sniffer format has been deduced by looking at hex dumps of Sniffer trace
+files. I have access to many Token-Ring Sniffer trace files, but very few
+ethernet Sniffer trace files. I am guessing as to which field in the header
+denotes link type. Perhaps I am wrong; perhaps only the file extension (*.enc
+vs. *.trc) denotes the link type. If you have a Sniffer trace file which
+doesn't work with wiretap, please send it to me. BTW, I have not yet figured
+out how packet timestamps are stored in the Sniffer format.
+
+LANalyzer
+---------
+The LANalyzer format is available from http://www.novell.com. Search their
+knowledge base for "Trace File Format". The code in wiretap so far only dumps
+the packet data; I have yet to decode the timestamp for each packet. At least
+I have the format for this, so it will be supported soon.
+
+Gilbert Ramirez
+<gram@verdict.uthscsa.edu>
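
Review bot: In the Sniffer section, the link-type header field is described as a guess ("I am guessing as to which field in the header denotes link type"), but the text names neither the field nor the values the reader relies on, and it does not say what happens to a trace file whose value is not recognised. Since the format was deduced from hex dumps, please record the field and the values observed so far, and state whether an unrecognised value is rejected or silently treated as Token-Ring or ethernet, so that a misread file is distinguishable from a supported one. Two smaller points: "Eventualy" in the Libpcap section should be "Eventually", and the LANalyzer pointer (site root plus a search for "Trace File Format") would hold up better with the document's exact title or number.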