Ethereal-dev: RE: [Ethereal-dev] FW1 monitor dissector patch

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Yaniv Kaul" <ykaul@xxxxxxxxxxxxxx>
Date: Thu, 27 Jun 2002 09:14:03 +0200
As far as I know, Solaris' snoop utility reads FW monitor files just fine.
What's the difference, then? I actually use Ethereal to look at FW monitor
files, so are you sure this patch is needed? (I am looking at higher levels,
IP and above, usually, so maybe in the lower levels I'm missing something?).

-----Original Message-----
From: ethereal-dev-admin@xxxxxxxxxxxx
[mailto:ethereal-dev-admin@xxxxxxxxxxxx]On Behalf Of Guy Harris
Sent: Thursday, June 27, 2002 3:34 AM
To: Alfred Koebler
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] FW1 monitor dissector patch


On Thu, Jun 27, 2002 at 03:26:08AM +0200, Alfred Koebler wrote:
> > What's the format of an FW1 (Firewall-1? YES) monitor file?
> It is a "snoop" format
> with different meaning of the fields in the ethernet header.

But with nothing in the snoop header to indicate that it's not a normal
snoop file?

Sigh.

If so, I'd prefer to have an option to the Ethernet dissector to specify
whether the capture is an Ethernet capture or a Firewall-1 capture,
rather than putting a heuristic into the Ethernet dissector to try to
guess whether the packet is from a regular capture file or a Firewall-1
log.
