Ethereal-dev: Re: [Ethereal-dev] using etheral with networks other then ethernet?
On Wed, Feb 27, 2002 at 01:22:37PM -0500, MICHAEL M DELANEY wrote:
> Is it possible to use etheral to capture packets from a network other then
> ethernet?
Yes - it's been used to capture on Token Ring, FDDI, IEEE 802.11
wireless LAN devices, and PPP interfaces, for example.
> We're going to be using some CANbus at work, and I'm thinking
> about writing a plugin for it.
A plugin would let Ethereal dissect those packets, but it wouldn't make
any difference to its ability to *capture* them - an Ethereal plugin is
just a packet dissector; that's the only place you can plug stuff in.
If CANbus devices appear, on whatever operating system you'd be running
Ethereal, as network devices (i.e., if it's UNIX, if it shows up in
"ifconfig -a" - assuming your UNIX isn't one with a feeble "ifconfig"
command that doesn't support "-a" *cough* HP-UX *cough*, and, if it's
Windows, if it's an NDIS device), then it might be possible to capture
on it using the libpcap library that Ethereal uses for packet capturing
*if*:
1) the driver plugs into whatever OS mechanism libpcap uses for
capturing (the mechanism differs from OS to OS);
2) a DLT_ type exists for CANbus.
If they *don't* appear as network devices, you'd have to write a program
to get the raw packet information and write it out in libpcap format...
...using a DLT_ type for CANbus.
(If there doesn't exist a DLT_ type for CANbus, you can ask
"tcpdump-workers@xxxxxxxxxxx" for one.)
