Wireshark · Ethereal-dev: Re: [Ethereal-dev] tektronix k12xx rf5 support

Ethereal-dev: Re: [Ethereal-dev] tektronix k12xx rf5 support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sat, 11 Jun 2005 10:17:19 -0700

LEGO wrote:

I been thinking on two ways to handle this, either compeletely by the
wiretap module or with the help of a specific dissector.

That's currently how similar issues with the nettl file format are beinghandled.

On the other hand If all of it is done by wiretap:

   - one day one users could use editcap to covert between k12 file
format and other formats, porvided that at least libpcap's
implementation supports per-packet  encapsulation. As wiretap's
libpcap format does not implement per-packet encapsulation yet.


In the long term, it'll have to handle that...

...and the way it'll handle it is similar to how it'd be handled for thek12xx's - the "per-packet" encapsulation will really be "per-interface",with each interface having a bunch of information about it available.(See http://www.tcpdump.org/pcap/pcap.html for information on that format.)


There's currently no time frame for when that'll be implemented.

One issue for that is that the per-interface information should be madeextensible, so that it can handle different file types. The pcap-NGformat is extensible in a number of places, including in theper-interface properties; we could probably just add to it newproperties corresponding to any k12xx per-source properties not in theset in


	http://www.tcpdump.org/pcap/pcap.html#sectionidb

  - The only way (I'm aware of) the user can talk with wiretap is via
environment variables. That makes very cumbersome to configure the
import mechanism. Other than that users should know exactly what's in
the files before opening the file.  I thought in using an environment
variable to point to a config file.

Environment variables are a bit clumsy in all cases, especially ifyou're running Ethereal directly from the GUI *and* want to change itper-invocation, and I think they're even clumsier in Windows.

It sounds as if the information that needs to be provided by the user isinformation to indicate the stack used by a particular source. Is thatbecause the information provided in the capture file - the name of a.stk file for the source, right? - isn't sufficient to indicate thestack used in all cases?


Luis

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev

Follow-Ups:
- Re: [Ethereal-dev] tektronix k12xx rf5 support
  - From: LEGO

References:
- [Ethereal-dev] tektronix k12xx rf5 support
  - From: LEGO
- Re: [Ethereal-dev] tektronix k12xx rf5 support
  - From: Guy Harris
- Re: [Ethereal-dev] tektronix k12xx rf5 support
  - From: LEGO
- Re: [Ethereal-dev] tektronix k12xx rf5 support
  - From: LEGO

Prev by Date: Re: SV: [Ethereal-dev] [PATCH] Voip Calls
Next by Date: [Ethereal-dev] Buildbot crash output
Previous by thread: SV: [Ethereal-dev] tektronix k12xx rf5 support
Next by thread: Re: [Ethereal-dev] tektronix k12xx rf5 support
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$