On Tue, 8 Apr 2003, Guy Harris wrote:
> On Tue, Apr 08, 2003 at 10:12:26PM +0530, Jambunathan Kalyanasundaram wrote:
> > I am new to Ethereal and I would like to know
> > whether it is possible to do Layer-3 and above
> > logging using Ethereal.
> >
> > ie Can I log packets and read those captured
> > packets without having a MAC Ethernet header.
>
> Yes, but you'd need to have some form of possibly-fake link-layer
> header, containing, at minimum, some form of packet type indication,
> unless all your traffic is IP traffic (which, as you're mentioning
> Netware, I suspect it will *not* be).
>
> > Mainly I am interested in having Ethereal on
> > NetWare. Strangely enough NetWare doesn't provide
> > any mechanisms to see the MAC Header of a
> > transmitted packet.
>
> What information *does* it let you see? Can you, for example, get a
> packet type (IPv4, IPv6, ARP, IPX, etc.)?
>
> > Also is there an Netware port of Ethereal or
> > do you know of anyone working on a possible port.
>
> I know of no port and I know of nobodoy working on a port.
The wiretap support I added for Cisco Secure IDS did not have any mac
layer information and you could use that as a sample to get this working.
I did however know that all packets would be IP. You wil need to know what
type of packet it is to get the disectors working correctly.
--Mike
Mike Hall
mike@xxxxxxxxxxxx
