Ethereal-dev: Re: [Ethereal-dev] pppdump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Sat, 5 Oct 2002 10:27:17 -0500 (CDT)
On 4 Oct 2002, Devin Heitmueller wrote:

> I am attempting to use Ethereal to capture data on a PPP interface. 
> Specifically, I do not want to capture at the IP level, but I want to
> get the PPP headers as well.  I tried to capture on ppp0, but I only got
> the IP packets.
> 
> First, can Ethereal dissect raw PPP?  Second can someone give me some
> direction on how to set this up under Linux.  The Ethereal documentation
> states that the "pppdump" file format is supported.  If someone has more
> information on how this works, I would be greatly appreciative.

According to

  http://www.ethereal.com/lists/ethereal-users/200012/msg00011.html

the Linux PPP drivers strip off any PPP data before handing a packet up to
the packet capture mechanism.  The Linux PPP daemon has a "record" option
that will save the traffic to a file in "pppdump" format, including PPP
headers and the direction of each packet.  This can be read by the pppdump
program or by Ethereal/tethereal.