Ethereal-dev: [Ethereal-dev] RE: [Ethereal-users] Not seeing RTP or RTCP traffic on Win2K
The attached files are a Network Associates Sniffer Windows WAN file and the
associated "print to file" file.
I noticed that Ethereal can read the Sniffer WAN.cap files and indicate that
it is a "Network Associates Sniffer (Windows-Based) 2.00x format. This is
displayed if you select file/save as. It seems the work to decode the
format is there, just not to save as.
As for RTP, they must look at the UDP packets and check for the RTP header.
Not sure, but they always show the RTP packets as RTP.
Regards,
Joe
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Friday, February 01, 2002 12:20 PM
To: Joe Aiello
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Not seeing RTP or RTCP traffic on Win2K
> I have a couple commercial LAN protocol Analyzers that do decode RTP
> automatically, but they are not worth the price.
How do they decide whether a packet is an RTP packet or not?
Ethereal will do that *if* it sees RTSP traffic setting up an RTP
session.
> I just wish I could export/save as to Sniffer WAN format
Is that the old DOS-based Sniffer, or the new Windows-based Sniffer? If
you can send us some Sniffer WAN capture files, and text files
containing the output of a "print to file" operation by the Sniffer that
generated them, we might be able to add the ability to write the files.
Attachment:
snifferwanformat.zip
Description: Binary data
