Ethereal-dev: RE: [ethereal-dev] T1-Interface

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Date: Mon, 10 Apr 2000 09:15:46 -0500
>> I use ethereal for some time with ethernet and now started to work
>> with T1. Is it planned to add some functionality for T1? Or is it of
>> any interest to others to implement?

>I'm assuming by "T1" you're referring to a megabit digital wide-area
>network link of some sort, whether it's a North American 1.544Mb/s
>T1/DS1 or not.
>
>For T1, I see two issues:
>
>	1) capturing on a network interface plugged directly into a
>	   DSU/CSU, or whatever the device is called that you plug into
>	   a T1 line;

You have choices...

1) Connect directly into the T1 circuit (before the CSU)

2) V.35 serial interface (after the CSU).

Sangoma (http://www.sangoma.com/) is one of several companies
that produce T1 or V.35 interfaces for linux.

The issue here is how to capture traffic in both directions.  These 
devices aren't built to listen on both the TX & RX lines.  I suspect
that you will have to install 2 of these devices.  Now you have to
figure out how to capture from 2 interfaces in ethereal.  


>	2) dissecting the link-level protocol being used.
>
>For the second issue, I have the impression that, typically, PPP is run
>over "T1 Classic", i.e.  over a physical point-to-point bit stream with
>no additional stuff such as Frame Relay involved, so our PPP dissector
>should be able to handle it (at least if the capture is recognized as a
>PPP capture).  If it's a Frame Relay link, we might need to add support
>for the low-level Frame Relay protocols.

Nortel (Bay Networks) uses a proprietary protocol called Wellfleet standard,
and I believe that Cisco also has a proprietary protocol based upon HDLC.
In addition Nortel can compress the traffic if it is traveling on top of
PPP or Frame Relay. If you could decode the Nortel compression you would be
way ahead of any other sniffer; no one does it.

In addition I suggest that a remote/distributed sniffer protocol be
developed. If you are running a sniffer at the far end of a remote line,
you don't want to send graphical XWindows traffic across the line.

After all that... I am interested in helping with this project.  This would
definitely separate ethereal from all the free/shareware sniffers out there.


Jeff Foster
jfoste@xxxxxxxxxxxx