Ethereal-dev: Re: [Ethereal-dev] Interesting new filetypes to possibly handle...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>
Date: Tue, 14 Oct 2003 16:50:48 -0700 (PDT)

On Tue, 14 Oct 2003, Guy Harris wrote:

> 
> On Oct 14, 2003, at 4:12 PM, Joe Patterson wrote:
> 
> > There are two filetypes (sort of...) that I was wondering how difficult it
> > might be to get ethereal to handle (and what good it might do...)
> >
> > One, which is perhaps the most novel, is handling packet dumps from Cisco
> > routers.  On a Cisco router, if you issue the command "debug ip packet
> > {access-list #} dump", it will start dumping the hex representation of the
> > full packets which match the access-list #.  If you have your syslog set to
> > debug level, it will actually log these to a syslog server.  It seems that
> > it shouldn't be *terribly* difficult to write a parser that reads in a
> > syslog file, gets the time/date stamps from each syslog message, and the
> > data from the hexdump, and parses it into something that can be easily
> > displayed in ethereal.  Anyone have any thoughts?
> 
> If one wanted to implement that, one might want to look at some of the 
> other text-file dump readers in the wiretap directory.

Someone already posted a Perl script to convert these to the correct 
format.

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com