Ethereal-dev: Re: [Ethereal-dev] Ethereal & Layer 3 tapping

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Marc Milgram" <milgram@xxxxxxx>
Date: Tue, 08 Apr 2003 15:27:59 -0400
I wrote the ethereal wiretap parser for VMS TCPtrace files.  These files
usually only contain IP data.  I used ethereal extensively with TCPtrace
files, and almost never needed data from the Ethernet layer (and
certainly not for higher level protocols).

There was no need to generate fake Ethernet data.  I just marked the
packets as WTAP_ENCAP_RAW_IP.

I was planing on expanding this parser to handle ARP and ICMP packets -
which are output differently than other IP packets.  I found that if I
took the data from one of these packets, and stuffed it in an IP packet,
ethereal would handle the packet correctly.

Unfortunately, I no longer have access to VMS logs.  I also don't
currently have the time to make this enhancement.

-Good luck
-Marc


On Tue, 08 Apr 2003 23:11:27 +0530, "Jambunathan Kalyanasundaram"
<k_jambunathan@xxxxxxxxxxx> said:
> Ethereal, as I understand does logging og
> Layer 2 and above.
> 
> Is it possible for me to do a logging of
> just Layer 3 ( IP ) and above. This is
> assuming that I don't have access to the
> Layer 2 headers both in the send and receive
> path.
> 
> Will this Layer 3 logging limit the utility
> of Ethereal.