Ethereal-users: Re: [Ethereal-users] Serial Capture Analysis

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 16 Apr 2002 13:13:04 -0700

On Mon, Apr 15, 2002 at 04:31:44PM -0700, Benjamin Lee wrote:
> I have some raw serial data that I captured and want to have
> decoded by ethereal.  Basically it's something I snarfed off a
> serial port, an inbound and outbound stream of characters
> captured from an RS-232 port.  It's just some
> Hayes-compatible AT modem chatter followed then by PPP
> LCP/IPCP traffic and then some WSP/WTP on top.  Is ethereal
> able to decode the PPP and application level protocols in
> this stream?

No.  It can't read arbitrary file formats.

> Is there an easy way to massage the captured data into
> something ethereal can read?  I tried to write something
> using libpcap to reformat the data, but found that I had to
> in effect write a mini-analyzer which kinda defeats the
> purpose.

Eh?  What do you mean by "mini-analyzer"?

A program could read that file, throwing away the AT modem stuff, and
then parsing the data stream to carve PPP packets out of it.  All it'd
need to do would be to analyze enough of the packets to find the length;
it wouldn't have to analyze anything else.

Were Ethereal capable of reading that file, it'd have to do the same
thing - and would do it in code completely separate from the
packet-analysis code in the top-level directory.
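
The carving step described in the reply, as an added example that is not part of the original message or of Ethereal's code. It assumes the capture uses the asynchronous HDLC-like framing of RFC 1662 (0x7e flags, 0x7d escapes, 16-bit FCS) and handles one direction's byte stream at a time; the function names, synthetic timestamps and sample bytes are constructed for illustration.

```python
import struct
FLAG, ESC = 0x7E, 0x7D      # RFC 1662 frame delimiter and escape octet
LINKTYPE_PPP = 9            # pcap link-layer type for PPP

def fcs16(data):
    """RFC 1662 16-bit FCS (bit-reflected CRC, polynomial 0x8408)."""
    fcs = 0xFFFF
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def carve_ppp(stream):
    """Return PPP frames (FCS stripped) found between flags; bytes before the
    first flag (AT chatter) and any unterminated tail are discarded."""
    frames = []
    for chunk in stream.split(bytes([FLAG]))[1:-1]:
        out, esc = bytearray(), False
        for b in chunk:                     # undo byte stuffing
            if esc:
                out.append(b ^ 0x20)
                esc = False
            elif b == ESC:
                esc = True
            else:
                out.append(b)
        # Keep only chunks whose FCS checks out; this rejects text containing '~'.
        if not esc and len(out) >= 4 and fcs16(out) == 0xF0B8:
            frames.append(bytes(out[:-2]))
    return frames

def to_pcap(frames):
    """Serialise frames as pcap bytes; timestamps are synthetic (0, 1, 2 ... s)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_PPP)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def encode(payload):
    """Stuff and flag one frame; used here only to construct sample input."""
    raw = payload + struct.pack("<H", fcs16(payload) ^ 0xFFFF)
    body = b"".join(bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) or b < 0x20
                    else bytes([b]) for b in raw)
    return bytes([FLAG]) + body + bytes([FLAG])

# Constructed sample: modem chatter, a damaged frame, then a valid LCP Configure-Request
LCP_REQ = bytes.fromhex("ff03c02101010004")
SAMPLE = (b"ATDT5551234\r\nCONNECT 9600\r\n"
          + encode(LCP_REQ).replace(b"\xc0", b"\xc1") + encode(LCP_REQ))
```

Writing `to_pcap(carve_ppp(data))` to a file in binary mode gives a capture file with one record per carved frame.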