Ethereal-users: RE: [Ethereal-users] RE: Analyzing Cisco HDLC

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Talbert, Britt USA" <bctalber@xxxxxxx>
Date: Wed, 11 Aug 2004 23:38:18 -0700
 

	
Guy,
Thanks for the help...see below.  Sorry about the earlier confusion.

>-----Original Message-----
>From: Guy Harris [mailto:gharris@xxxxxxxxx]
>Sent: Fri 8/6/2004 11:46 AM
>To: Talbert, Britt USA
>Cc: ethereal-users@xxxxxxxxxxxx
>Subject: Re: [Ethereal-users] RE: Analyzing Cisco HDLC
>
>
>On Fri, Aug 06, 2004 at 11:22:47AM -0700, Talbert, Britt USA wrote (in a
>fashion that makes it hard to distinguish his text from the text to
>which he's replying; can you please configure your mail reader to, when
>it includes text from the original message in the reply, mark it
>specially somehow, e.g. by preceding each line with "> "?):
>
>> > From: Guy Harris [mailto:gharris@xxxxxxxxx]
>> > Sent: Tuesday, August 03, 2004 5:16 PM
>> > To: Talbert, Britt USA
>> >
>> > Does the device on which you're capturing have a "/dev" entry?  If so,
>> > you might just look for names that correspond to its "/dev" entry, and
>> > use the name.
>>
>> No, I didn't see a /dev entry.
>
>So what code are you using to open the device?
>
>> > My program seems to successfully strip the frame delimiters and
>> > "destuff" the bits, however I tried to put it in libpcap format with
>> > editcap and it choked on the file.
>
>Editcap uses the exact same library to read capture files that Ethereal
>and Tethereal do, so it can't read any files that can't be read by
>Ethereal and Tethereal.
>
>What you need to do is have your program *itself* write the file out in
>libpcap format, using the libpcap routines "pcap_open_dead()" (to create
>a fake pcap_t to use to open the dump file for output - yes, the libpcap
>APIs for writing a capture file aren't as good as they should be; the
>fact that they assume you're doing a live capture from libpcap or
>reading a capture file from libpcap is only one of the problems),
>"pcap_dump_open()", "pcap_dump()", and "pcap_close()".
>

I am adding a function to my program using the above functions (and your
earlier reply), however I keep getting an "undefined reference to 'pcap_open_dead'"
error when I try to compile it.  I have included the #include <pcap.h> line, but
I must be missing something?  What gives?


>> Right now, I am only interested in
>> piping the captured file into Tethereal so that I can write out the HDLC
>> capture.  The next step would be to do it directly from the device.  Is
>> editcap the correct method?
>
>No.  See above.
>
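
The file layout that a libpcap-format capture of destuffed Cisco HDLC frames has, written out by hand as an added example that is not code from this thread: it does not call the libpcap routines named above, so it builds without the library. The helper names, sample frame, timestamp and output file name are constructed for illustration; 104 is libpcap's link-layer type value for Cisco HDLC.

```c
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC      0xa1b2c3d4u  /* microsecond-resolution libpcap file */
#define LINKTYPE_C_HDLC 104u         /* link-layer type for Cisco HDLC */

/* Write the 24-byte file header. Fields go out in host byte order; readers
 * detect the order from the magic number. Returns 0 on success, -1 on error. */
int write_pcap_header(FILE *fp, uint32_t snaplen)
{
    uint32_t magic = PCAP_MAGIC, zero = 0, linktype = LINKTYPE_C_HDLC;
    uint16_t vmajor = 2, vminor = 4;

    return (fwrite(&magic, 4, 1, fp) == 1 &&
            fwrite(&vmajor, 2, 1, fp) == 1 &&
            fwrite(&vminor, 2, 1, fp) == 1 &&
            fwrite(&zero, 4, 1, fp) == 1 &&      /* thiszone */
            fwrite(&zero, 4, 1, fp) == 1 &&      /* sigfigs */
            fwrite(&snaplen, 4, 1, fp) == 1 &&
            fwrite(&linktype, 4, 1, fp) == 1) ? 0 : -1;
}

/* Append one frame (flags stripped, bits destuffed) after its 16-byte record
 * header. Frames longer than snaplen are truncated; orig_len keeps the true size. */
int write_pcap_frame(FILE *fp, uint32_t sec, uint32_t usec,
                     const uint8_t *frame, uint32_t len, uint32_t snaplen)
{
    uint32_t caplen = len < snaplen ? len : snaplen;
    uint32_t hdr[4] = { sec, usec, caplen, len };

    if (fwrite(hdr, sizeof hdr, 1, fp) != 1) return -1;
    if (caplen > 0 && fwrite(frame, caplen, 1, fp) != 1) return -1;
    return 0;
}

/* Constructed sample: address 0x0F (unicast), control 0x00, protocol 0x0800,
 * followed by four constructed payload bytes. */
static const uint8_t sample_frame[] = { 0x0F, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x14 };

int main(void)
{
    FILE *fp = fopen("chdlc.pcap", "wb");   /* hypothetical output name */
    if (!fp) { perror("chdlc.pcap"); return 1; }
    int rc = write_pcap_header(fp, 65535) ||
             write_pcap_frame(fp, 1092292698u, 0, sample_frame, sizeof sample_frame, 65535);
    fclose(fp);
    return rc ? 1 : 0;
}
```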