Thank you for the suggestion to use the capture format of wiretap/ngsniffer.c.
Although I could not download the complete manual that describes the dump
file format (the download is truncated), I was able to format the dump file
starting from the file wiretap/ngsniffer.c. I was able to indicate the
direction of the frames. Until now I have only tested it with Cisco's CHDLC
protocol; in the coming days I will test with PPP and Frame Relay.
Thank you very much,
Francisco Pérez.
>-- Original message --
>Date: Fri, 21 Oct 2005 21:05:11 -0700
>From: Guy Harris <gharris@xxxxxxxxx>
>To: Ethereal development <ethereal-dev@xxxxxxxxxxxx>
>Subject: Re: [Ethereal-dev] about hdlc decode and frame direction
>Reply-To: Ethereal development <ethereal-dev@xxxxxxxxxxxx>
>
>
>fmperez@xxxxxxxxxxxxx wrote:
>> Hello, I would like to add to Ethereal the capability to analyze HDLC,
>> indicating the direction of frames (from DCE or DTE), CRC errors, aborts
>> and other HDLC parameters. My question is, does Ethereal already do this
>> or must I develop it? I have read something about the pseudo-header, and
>> the direction would be included there. But I do not know how pseudo_header
>> is used. Which file format must I use? (I think that it does not have to
>> be libpcap, since it does not have a header for the frame direction
>> information)
>
>It is true that libpcap does not have, in the header for a frame, an
>indication of the direction of the frame or of any errors for the frame.
>
>A new libpcap format:
>
> http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
>
>will have that information, but there currently is no support for that
>in Ethereal or any other software (that support is being developed).
>
>The old Network General DOS Sniffer software's file format could be
>used. It's documented in
>
> http://www.mcafee.com/common/media/sniffer/support/sdos/operation.pdf
>
>and includes flags for the direction and for various errors. Ethereal
>would have to be modified to add those flags to a pseudo-header and to
>dissect them. I've checked into the Ethereal code for reading that file
>(wiretap/ngsniffer.c) some additional #defines and comments for those
>flags (but no code to process them). You would need to get a recent
>version of the Ethereal source from Subversion - those changes aren't in
>any release of Ethereal yet.
>
>When you say "HDLC", are you referring to a particular HDLC-like
>protocol, such as LAPB for X.25, LAPD for ISDN, etc.?
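Added example, not part of the thread and not Ethereal's own code: a bounds-checked reader for the classic libpcap file layout, showing that each per-record header holds only a timestamp and two lengths, which is why the reply says direction and error flags need another format or a pseudo-header. The sample bytes, the function name `pcap_walk` and the struct name are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Classic libpcap per-record header: these four fields are all it holds. */
struct pcap_rec { uint32_t ts_sec, ts_usec, incl_len, orig_len; };

/* Constructed sample: little-endian file, link type 104 (Cisco HDLC), two 4-byte frames. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x68,0x00,0x00,0x00,                /* snaplen, link type */
    1,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0, 0x0f,0x00,0x08,0x00, /* record 1 */
    2,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0, 0x8f,0x00,0x08,0x00  /* record 2 */
};

static uint32_t rd32(const uint8_t *p, int big) {
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Walk a classic pcap buffer. Stores up to max record headers in out and
 * returns the number of records found, or -1 if the file is malformed. */
int pcap_walk(const uint8_t *buf, size_t len, uint32_t *linktype,
              struct pcap_rec *out, int max) {
    int big, n = 0;
    size_t off = 24;                                  /* size of the file header */
    if (len < 24) return -1;
    if (rd32(buf, 1) == 0xa1b2c3d4u) big = 1;         /* magic gives the byte order */
    else if (rd32(buf, 0) == 0xa1b2c3d4u) big = 0;
    else return -1;
    *linktype = rd32(buf + 20, big);
    while (off < len) {
        if (len - off < 16) return -1;                /* truncated record header */
        struct pcap_rec r = { rd32(buf + off, big), rd32(buf + off + 4, big),
                              rd32(buf + off + 8, big), rd32(buf + off + 12, big) };
        off += 16;
        if (r.incl_len > len - off) return -1;        /* length claims more than exists */
        if (n < max) out[n] = r;
        n++;
        off += r.incl_len;
    }
    return n;
}

int main(void) {
    uint32_t lt; struct pcap_rec r[4];
    int n = pcap_walk(SAMPLE, sizeof SAMPLE, &lt, r, 4);
    printf("link type %u, %d records, no direction or error field\n", (unsigned)lt, n);
    return 0;
}
```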