Ethereal-users: RE: [Ethereal-users] Nettl trace files from hpux.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "HJORTH,SHANE (HP-Australia,ex2)" <shane_hjorth@xxxxxx>
Date: Tue, 22 May 2001 14:23:00 +1000
Thanks for the reply Guy,


> > I am currently evaluating ethereal (binary version 0.8.16 - 
> from the UK
> > porting centre) as a gui for nettl trace files. 
> Unfortunately when I attempt
> > to read in the nettl files I get the following error:
> > 
> > Message: nettl: network type 6 unknown or unsupported
> 
> Type 6 is, at least according to "nettl.h" in the "wiretap" directory,
> NETTL_SUBSYS_NS_LS_TCP; I'm not particularly familiar with 
> "nettl", but
> that name suggests that the contents of a type 6 file might 
> contain TCP
> segments - Ethereal isn't set up to dissect TCP segments without IP
> header information (a number of dissectors would expect there 
> to be, for
> example, IP source and destination addresses available).
> 
> How was that "nettl" trace file produced?

The nettl file is produced by the nettl daemon running on the hpux server. I
am just surprised that the FAQ on the ethereal site inicates that nettl
trace files are supported but in all the trace files I have attempted, a
similar error is the result. 

> 
> > I do manage to get a single decoded x11 packet before the 
> error occurs
> 
> That suggests that the capture has a collection of multiple 
> *different*
> types of records in it, some of which are handled by Ethereal and some
> of which aren't.
> 

This was my thought as well. It looks like TCP packets aren't handled. I was
just wondering if anybody else has tried ethereal to read nettl trace files
successfully. It could be that the commands I am using to obtain the nettl
trance files are incorrect i.e. there are commands that format the trace
files into a form that ethereal can understand.

> > My question is this, has anybody else had any luck using 
> ethereal to decode
> > nettl trace files, and if so, under what conditions (OS 
> version, using a
> > plugin etc)??
> 
> A plugin will not help.  "Plugins" aren't pieces of code that 
> plug into
> arbitrary places in Ethereal, and make it do arbitrary new things;
> they're just protocol dissectors that are loaded at run time 
> rather than
> link time - there are no plugins for capture file types, much less
> plugins that *replace* the built-in readers for particular 
> capture file
> types.  (Perhaps there should be, but that's another matter.)
> 

Thats a pity, I only mention this because in the 0.8.18 changelog there is a
mention of a hpux plugin
"The release adds IP fragment reassembly, plugin support on HPUX machines,
and a command line option to set 'automatic scrolling' during captures. ".
I haven't seen any binaries of 0.8.18 so have been unable to try the plugin
: (

Thanks for all your help,

Shane Hjorth