On Tue, Apr 03, 2001 at 11:18:10PM -0700, Guy Harris wrote:
> On Wed, Apr 04, 2001 at 11:00:28AM +0530, umesh@xxxxxxxxxxxxx wrote:
> > I have stared using ethereal recently. I am testing LAPD protocol
> > and the LAPD over T1 card. How do I capture LAPD data using ethereal
> > in this scenario.
>
> That depends on the OS you're using, whether that OS supports capturing
> D-channel traffic using the standard mechanism used by libpcap on that
> OS, and whether libpcap can handle that.
>
> If you can't use libpcap to capture LAPD traffic, Ethereal can't capture
> it - you'll have to find some other way to capture the LAPD traffic,
> and, if that other way doesn't put it in a form Ethereal can read,
> convert it to such a format. (The only formats for LAPD traffic
> Ethereal can currently read are Network Associates Sniffer (the
> DOS-based sniffer) and the files produced by the "i4btrace" program on
> various BSDs.)
If the OS is, say, Solaris (as I suspect it might be, given the stuff I
found on CoSYSTEMS' Web site), then it *MIGHT* be possible to modify the
libpcap library's module for handling DLPI ("pcap-dlpi.c") to let you
capture D-channel LAPD traffic, but the standard "pcap-dlpi.c" won't do
it.
Source to libpcap can be found at
http://www.tcpdump.org/
You'll need to add a new DLT_ type to libpcap for this (please *don't*
pick a number at random for it; send mail to tcpdump-workers@xxxxxxxxxxx
asking for a new number).
Once you've modified it, Ethereal will have to be modified for the new
DLT_ type; we can probably tell you what you'd need to change.
