Ethereal-dev: Re: [ethereal-dev] Wiretap module to interpret pppd trace file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Daniel Thompson <daniel.thompson@xxxxxx>
Date: Wed, 6 Sep 2000 08:29:27 +0100 (BST)
Hello.

> <snip>
> Maybe we don't need to guess the format of the trace file, because it
> must be somewhere in pppd :)
> 
pppdump is a very simple format but to save time you might like this.
I have been doing some work with pppdump recently.

Don't take it as gospel truth as I haven't fully validated it but ...

To do my work I hacked pppdump to give me tcpdump output but doing that
means I lose the direction information which is rather useful!

	Cheers

	Daniel
	--xx--

pppdump
-------

+------+
| 0x07 +------+------+------+         Reset time
|  t3  |  t2  |  t1  |  t0  |         t = time_t
+------+------+------+------+

+------+
| 0x06 |                              Time step (short)
|  ts  |                              ts = time step (tenths)
+------+

+------+
| 0x05 +------+------+------+         Time step (long)
| ts3  | ts2  | ts1  | ts0  |         ts = time step (tenths)
+------+------+------+------+

+------+
| 0x04 |                              Receive delimiter
+------+

+------+
| 0x03 |                              Send delimiter
+------+

+------+
| 0x02 +------+                       Received data
|  n1  |  n0  |                       n = number of bytes following
|    data     |
|             |

+------+
| 0x01 +------+                       Sent data
|  n1  |  n0  |                       n = number of bytes following
|    data     |
|             |

--
Daniel Thompson (STMicroelectronics) <daniel.thompson@xxxxxx>
1000 Aztec West, Almondsbury, Bristol, BS32 4SQ. 01454 462659

Statistics: Where mean is normal and deviation is standard.
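
The record layout in the message above, walked by a bounds-checked reader that keeps the send/receive direction. This is an added example, not code from the original post, pppd or Ethereal. The names pppd_scan, pppd_stats and sample are hypothetical, and reading multi-byte fields most significant byte first is an assumption taken from the diagram's ordering (t3..t0, n1 n0).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct pppd_stats {
    uint32_t base_time, step_tenths;   /* last 0x07 value; sum of 0x05/0x06 steps */
    size_t sent_bytes, recv_bytes;     /* payload bytes per direction */
    unsigned sent_recs, recv_recs;     /* 0x01 / 0x02 record counts */
};

/* Constructed sample, not a real capture. */
static const uint8_t sample[] = {
    0x07, 0x39, 0xB5, 0xF0, 0xA7,                   /* reset time */
    0x03, 0x01, 0x00, 0x04, 0x7E, 0xFF, 0x7D, 0x23, /* send delimiter, 4 sent bytes */
    0x06, 0x02,                                     /* short step: 2 tenths */
    0x04, 0x02, 0x00, 0x03, 0x7E, 0xFF, 0x7D,       /* receive delimiter, 3 received bytes */
    0x05, 0x00, 0x00, 0x01, 0x00                    /* long step: 256 tenths */
};

/* Walk the records; 0 on success, -1 on an unknown id or a truncated record.
 * Fixed bytes after the id: 4 for 0x07/0x05, 1 for 0x06, 2 for 0x01/0x02. */
int pppd_scan(const uint8_t *buf, size_t len, struct pppd_stats *st)
{
    size_t i = 0;
    memset(st, 0, sizeof *st);
    while (i < len) {
        uint8_t id = buf[i++];
        size_t need = (id == 0x07 || id == 0x05) ? 4 : id == 0x06 ? 1 : id <= 0x02 ? 2 : 0;
        uint32_t v = 0;
        if (id < 0x01 || id > 0x07 || need > len - i) return -1;
        while (need--) v = (v << 8) | buf[i++];   /* byte order is assumed */
        if (id == 0x07) st->base_time = v;
        else if (id == 0x05 || id == 0x06) st->step_tenths += v;
        else if (id <= 0x02) {
            if (v > len - i) return -1;           /* length field runs past the buffer */
            if (id == 0x01) { st->sent_bytes += v; st->sent_recs++; }
            else            { st->recv_bytes += v; st->recv_recs++; }
            i += v;                               /* skip the payload */
        }                                         /* 0x03/0x04 delimiters have no body */
    }
    return 0;
}

int main(void)
{
    struct pppd_stats st;
    int rc = pppd_scan(sample, sizeof sample, &st);
    printf("rc=%d sent=%zu recv=%zu tenths=%u\n", rc, st.sent_bytes, st.recv_bytes, (unsigned)st.step_tenths);
    return rc ? 1 : 0;
}
```

The check on the two-byte length against the remaining buffer is the part a capture-file reader most needs, since a trace file is untrusted input.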