Ethereal-dev: Re: [Ethereal-dev] FW1 monitor dissector patch

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 26 Jun 2002 18:33:40 -0700

On Thu, Jun 27, 2002 at 03:26:08AM +0200, Alfred Koebler wrote:
> > What's the format of an FW1 (Firewall-1? YES) monitor file?
> It is a "snoop" format
> with different meaning of the fields in the ethernet header.

But with nothing in the snoop header to indicate that it's not a normal
snoop file?

Sigh.

If so, I'd prefer to have an option to the Ethernet dissector to specify
whether the capture is an Ethernet capture or a Firewall-1 capture,
rather than putting a heuristic into the Ethernet dissector to try to
guess whether the packet is from a regular capture file or a Firewall-1
log.