Ethereal-dev: Re: [Ethereal-dev] Flexible file formats

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 22 Dec 2000 13:24:07 -0800
On Fri, Dec 22, 2000 at 05:05:07PM +0100, Peter Dons Tychsen wrote:
> I am creating a packet trace (sniffer) function for a series of 
> routers. The router supports many different interfaces (ISDN/WAN/LAN) 
> and protcols (IP/TCP/PPP/HLDC....). In what file format should i save 
> the output in to be as compatible with ethereal as possible. What 
> format is most flexible? 

As Gilbert suggested, libpcap format is probably the best choice.  One
of the things that makes it flexible is that libpcap is open source and
actively being developed.

Currently, the link-layer formats it supports (other than those that are
"software-defined", such as DLT_NULL, which is used for loopback
devices) include:

	Ethernet

	Token Ring

	FDDI

	SLIP

	PPP (several different flavors, depending on what parts of the
	header show up; the one you want may be DLT_PPP_SERIAL, which
	originally came from NetBSD, and which can be used either for
	traffic with a PPP header or for traffic with a Cisco
	point-to-point HDLC header as described in section 4.3.1 of RFC
	1547)

	IEEE 802.11 wireless LAN