Ethereal-dev: Re: [Ethereal-dev] Incorporating airopeek V 2.0 with ethereal 0.9.15
On Jan 26, 2004, at 7:52 PM, Parul Singla wrote:
1. Is it possible to incorporate Airopeek version 2.0 with Ethereal
0.9.15 version. I mean I want to parse Airopeek captured file through
ethereal 0.9.15 version. For this I defiantly need to add code in
"Wiretap" director. Will this work?
2. What is the file format for airopeek version 2.0? I was looking
onto google but couldn't find.
3. Do I need to install Ethereal version 0.9.16 and modify the
wiretap/airopeek.c to incorporate airopeek version 2.0 parsing code,
since right now it supports only version 9.0 and later..?
Note that the "9" in "wiretap/airopeek9.c" is the *file* version
number, not the *application* version number.
It appears that AiroPeek 2.0 uses AiroPeek file format 9. Earlier
versions of AiroPeek used the EtherPeek/TokenPeek(?)/AiroPeek version
7, and perhaps there were/are *Peeks that use version 8. Versions 5,
6, and 7 are handled by "wiretap/etherpeek.c".
As such, any version of Ethereal that supports AiroPeek version 9 files
should be able to read files from AiroPeek 2.0. The only such version
is Ethereal 0.10.0. If you want to backport that to an earlier version
of Ethereal, you're on your own; I, at least, don't provide support for
backports.
According to "wiretap/airopeek9.c" (there is no "wiretap/airopeek.c"),
the V9 format is described at
http://www.varsanofiev.com/inside/airopeekv9.htm
Note the comment at the end about time values.
