Wireshark · Ethereal-dev: [ethereal-dev] Re: Sniffer 3.50 file format

Ethereal-dev: [ethereal-dev] Re: Sniffer 3.50 file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joerg Mayer <jmayer@xxxxxxxxxxxxxxxxxxxxxx>

Date: Thu, 22 Jun 2000 23:20:38 +0200 (MET DST)

Barett,

when I read Sniffer I thought about NG, not Netxray. Nevertheless, it seems
the only thing that needed doing was adding the new version to the list of
supported file formats. The attached patch makes tethereal -r ... work. I'm
not completely happy with this solution as it will add identical cases (and
wtap formats) as time goes by but it's better than no support.

 Ciao
    Jörg

PS: Gilbert or Guy: Please apply this patch or something similar to CVS.
PPS:  Changelog: Support for Netxray file format 002.002

On 22 Jun 2000, Barrett Nicholas wrote:

> Joerg: Here's a couple short captures that while not too interesting, should
> let you verify that they can be opened.
> 
> regards,
> 
> Barrett
> 
> Joerg Mayer <jmayer@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> > Barrett,
> > 
> > a fix was checked into the current CVS last week. If you want me to test
> > please mail the capture file to me and I'll see what I can do.
> > 
> >  Ciao
> >       Jörg
> > 
> > On 16 Jun 2000, Barrett Nicholas wrote:
> > 
> > > NAI's Sniffer changed file formats with the 3.50 release - I'd suggested
> as a
> > > wish-list item the ability to read such files, and was pointed here. I
> have
> > > 3.50, can provide trace files or perform a trace of some specific network
> > > activity, whichever is most useful. Anyone interested in having me send
> them
> > > some traces, or have a ftp site where I could land them for general
> access?
> > > Just looking through what's handy, I can easily come up with several 2 -
> 300KB
> > > files that should have a decent mix of traffic. Let me know how I can
> help,
> > > 
> > > regards,
> > > 
> > > Barrett
> > > 
> > > ____________________________________________________________________
> > > Get free email and a permanent address at http://www.netaddress.com/?N=1
> > > 
> > > 
> > 
> > --
> > Joerg Mayer                                 eMail: <jmayer@xxxxxxxxxxxxx>
> > Give an engineer a problem and a curious form of time dilation occurs /AC
> 
> 
> ____________________________________________________________________
> Get free email and a permanent address at http://www.netaddress.com/?N=1
> 

--
Joerg Mayer                                 eMail: <jmayer@xxxxxxxxxxxxx>
Network Administrator / IT                        Phone: +49 6171 977 170
Dimension Data / Telemation                       Fax  : +49 6171 977 177
In den Schwarzwiesen 8                                        CCIE # 2852
D-61440 Oberursel                                                       *
Give an engineer a problem and a curious form of time dilation occurs /AC

*** ./wiretap/netxray.c.distrib	Thu Jun 22 22:22:02 2000
--- ./wiretap/netxray.c	Thu Jun 22 22:24:02 2000
***************
*** 72,77 ****
--- 72,81 ----
  	'0', '0', '2', '.', '0', '0', '1', '\0'
  };
  
+ static const char vers_2_002[] = {
+ 	'0', '0', '2', '.', '0', '0', '2', '\0'
+ };
+ 
  /* NetXRay 1.x data record format - followed by frame data. */
  struct netxrayrec_1_x_hdr {
  	guint32	timelo;		/* lower 32 bits of time stamp */
***************
*** 168,173 ****
--- 172,181 ----
  		timeunit = 1000000.0;
  		version_major = 2;
  		file_type = WTAP_FILE_NETXRAY_2_001;
+ 	} else if (memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
+ 		timeunit = 1000000.0;
+ 		version_major = 2;
+ 		file_type = WTAP_FILE_NETXRAY_2_002;
  	} else {
  		g_message("netxray: version \"%.8s\" unsupported", hdr.version);
  		*err = WTAP_ERR_UNSUPPORTED;
*** ./wiretap/wtap.h.distrib	Thu May 25 11:00:24 2000
--- ./wiretap/wtap.h	Thu Jun 22 22:53:42 2000
***************
*** 121,129 ****
  #define WTAP_FILE_NETTL				18
  #define WTAP_FILE_TOSHIBA			19
  #define WTAP_FILE_I4BTRACE			20
  
  /* last WTAP_FILE_ value + 1 */
! #define WTAP_NUM_FILE_TYPES			21
  
  /*
   * Maximum packet size we'll support.
--- 121,130 ----
  #define WTAP_FILE_NETTL				18
  #define WTAP_FILE_TOSHIBA			19
  #define WTAP_FILE_I4BTRACE			20
+ #define WTAP_FILE_NETXRAY_2_002			21
  
  /* last WTAP_FILE_ value + 1 */
! #define WTAP_NUM_FILE_TYPES			22
  
  /*
   * Maximum packet size we'll support.

Follow-Ups:
- Re: [ethereal-dev] Re: Sniffer 3.50 file format
  - From: Guy Harris

Prev by Date: [ethereal-dev] Nice to have in TCP Trace
Next by Date: [ethereal-dev] Re: [ethereal-users] Ethereal and WIN NT
Previous by thread: [ethereal-dev] Nice to have in TCP Trace
Next by thread: Re: [ethereal-dev] Re: Sniffer 3.50 file format
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$