I don't know about the trace tool remove, but I can get you the broke out
packet as the sniffer sees is.
It doesn't do a very thourough job of decoding it though, a bunch of the
bytes are left unidentified. I much prefer the way ethereal has been
written.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@xxxxxxx
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Farley, Tim (ISSAtlanta) [mailto:TFarley@xxxxxxx]
> Sent: Monday, December 13, 1999 2:53 PM
> To: 'Neulinger, Nathan R.'; 'ethereal-dev@xxxxxxxx'
> Subject: RE: [ethereal-dev] IBM Trace Tool present
>
>
> >This particular trace also has a "IBMNM: trace tool present"
> >dsap packet
> >will lots of stuff in it, that may be worth breaking out.
>
> Does anyone have info on the internal formatting of that packet?
>
> I'm also VERY interested in a corresponding packet in the
> same protocol,
> which I have seen reference to, called "trace tool remove".
> If anyone has
> info on that PLEASE contact me.
>
> =====================================
> Tim Farley
> Software Engineer
> tfarley@xxxxxxx
>
> Internet Security Systems, Inc.
> (678) 443-6000 / Direct Dial (678) 443-6189 / fax (678) 443-6479
> http://www.iss.net
>
> Adaptive Network Security for the Enterprise
> =====================================
>
> >-----Original Message-----
> >From: Neulinger, Nathan R. [mailto:nneul@xxxxxxx]
> >Sent: Monday, December 13, 1999 2:28 PM
> >To: 'ethereal-dev@xxxxxxxx'
> >Subject: [ethereal-dev] problems with sniffer save, need
> info on adding
> >info to NCP code
> >
> >
> >I was unable to open the saved capture from ethereal (latest
> cvs) with
> >sniffer pro. It claims it is an unsupported file format.
> >
> >As a note, sniffer pro seems to come with a bunch of different
> >traces that
> >have a LOT of weird stuff in them. I've been looking at them
> >with ethereal
> >to see what sort of stuff is in there, but haven't started
> writing any
> >updates
> >
> >It looks like there are a number of NCP functions that
> ethereal doesn't
> >identify, for example:
> >
> >create-service-connect 00/02 create a service connection
> >service-request 17/3d read property value request
> >destroy-conn 24/00 destroy connection
> >
> >I don't necessarily want to add all the dissectors for those,
> >but since I
> >have the information, I'd be happy to put in labels for the
> >various function
> >codes if someone could explain how. (I'm not sure on that
> >ncp2222 structure
> >what should be put in.)
> >
> >This particular trace also has a "IBMNM: trace tool present"
> >dsap packet
> >will lots of stuff in it, that may be worth breaking out.
> >
> >-- Nathan
> >
> >------------------------------------------------------------
> >Nathan Neulinger EMail: nneul@xxxxxxx
> >University of Missouri - Rolla Phone: (573) 341-4841
> >Computing Services Fax: (573) 341-4216
> >
>
