From c0f191e9e0c2d49564e42a23cfcd6a391569892c Mon Sep 17 00:00:00 2001 From: Gilbert Ramirez Date: Thu, 12 Nov 1998 06:01:27 +0000 Subject: I added the LANalyzer file format to wiretap. I cleaned up some code in the wiretap functions to be more generic and therefore allow an easier integration of more packet-capture file types. I also put in all the GPL copyrights in the wiretap code. svn path=/trunk/; revision=83 --- wiretap/README | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'wiretap/README') diff --git a/wiretap/README b/wiretap/README index 82e1aad7db..f4c7f2f2a0 100644 --- a/wiretap/README +++ b/wiretap/README @@ -1,3 +1,5 @@ +$Id: README,v 1.2 1998/11/12 06:01:17 gram Exp $ + Wiretap is a library that is being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. Libpcap is great in that it is very platform independent and has a wonderful BPF 
@@ -28,3 +30,32 @@ to a file, like Sniffer. Currently, only #2 is available. Wiretap doesn't even do any filtering yet. It can only be used to read packet capture files. + +File Formats +============ + +Libpcap +------- +Currently the libpcap file format is handled by linking in the pcap library. +Eventualy libpcap will not be linked in with wiretap as to avoid the overhead +of bringing in the libpcap packet capturing and BPF optimizing code. + +Sniffer +------- +The Sniffer format has been deduced by looking at hex dumps of Sniffer trace +files. I have access to many Token-Ring Sniffer trace files, but very few +ethernet Sniffer trace files. I am guessing as to which field in the header +denotes link type. Perhaps I am wrong; perhaps only the file extension (*.enc +vs. *.trc) denotes the link type. If you have a Sniffer trace file which +doesn't work with wiretap, please send it to me. BTW, I have not yet figured +out how packet timestamps are stored in the Sniffer format. + +LANalyzer +--------- +The LANalyzer format is available from http://www.novell.com. Search their +knowledge base for "Trace File Format". The code in wiretap so far only dumps +the packet data; I have yet to decode the timestamp for each packet. At least +I have the format for this, so it will be supported soon. + +Gilbert Ramirez +
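Review bot: the `$Id: README,v 1.2 1998/11/12 06:01:17 gram Exp $` line added at the top of the README in the first hunk is an RCS/CVS keyword string; the commit is recorded under Subversion (svn path=/trunk/), where keywords are only expanded if the svn:keywords property is set on the file, so this literal CVS revision string will go stale and misstate the file's revision. Either set the property on wiretap/README or drop the line and rely on the repository history.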
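Review bot: the Sniffer section in the second hunk says the header field that denotes link type is a guess, but it does not say what the reader does when that field holds a value it does not recognise; document whether wiretap rejects such a file with an error or falls back to a default link type, since a trace file whose header is silently misread will be dissected as the wrong link layer. The same applies to the timestamps that the Sniffer and LANalyzer sections describe as not yet decoded: state what value is filled in until they are. Also "Eventualy" in the Libpcap paragraph should read "Eventually", and "as to avoid" should read "so as to avoid".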