Ethereal-dev: Re: [Ethereal-dev] ISUP/MTP support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Wilson <chris@xxxxxxxxxx>
Date: Tue, 18 Nov 2003 16:15:45 +0000

Hi Lalit,

> I have Intel SIU, I have tried capturing packets from SIU, as expected
> it communicates on TCP and sends MTP as payload. How can I decode the MTP
> packets using ethereal?

From what I remember the Intel stuff just does SIGTRAN stuff over SCTP - so Ethereal should just decode out of the box.

> Another question is, if I have a septel card, connecting to network
> using E1 interface, how can I capture and decode packets from this
> interface?

I've done this - I just turn on MTP3 tracing and wrote a little program to parse the output of s7_log, add a fake MTP2 and a fake ethernet header and write the result into a TUN interface (this is under Linux). Ethereal just captures from the pseudo-ethernet-device and I force it to understand MTP2 over ethernet :-) Bit messy but works rather nicely.

In the above example I also redirect the s7_log output through an SSH tunnel since the card isn't in my desktop machine... which leads me onto another idea...

I'm thinking of hacking with text2pcap to produce text2tun (using the same parser) - the idea is to allow realtime capture on remote machines - by doing something along the lines of:

ssh -C someserver tcpdump -X -s 0 -n -p -i eth0 tcp port 8080 | text2tun

Would this be of interest to others? Perhaps more sensible would be pcap2tun... although that would restrict the packet capture to something pcap based; if there's interest I'll post some code once it's ready.

Regards,

Chris

-- 
Chris Wilson
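
The wrapping step described in the message above (trace text in, fake MTP2 header plus fake Ethernet header out), as an added example that is not Chris Wilson's program or any Ethereal code. Assumptions: the trace is one hex string per MTP3 message (the real s7_log format is not shown in the message), the fake frames use the IEEE local experimental EtherType 0x88B5 with made-up MAC addresses, and the frames are written to a pcap file instead of a TUN device so the example runs offline.

```python
import struct

# Assumed values, not from the original message: EtherType and MAC addresses.
ETHERTYPE_FAKE_MTP2 = 0x88B5               # IEEE "local experimental" EtherType
FAKE_DST = bytes.fromhex("020000000001")   # locally administered addresses
FAKE_SRC = bytes.fromhex("020000000002")

def parse_hex_line(line):
    """Turn 'c5 01 ...' or 'c5:01:...' into bytes; skip blanks and '#' comments."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    return bytes.fromhex(text.replace(" ", "").replace(":", ""))

def fake_mtp2_header(mtp3, fsn):
    """3-octet MTP2 header: BSN/BIB, FSN/FIB, LI (Q.703 octet layout)."""
    li = min(len(mtp3), 63)                # LI saturates at 63 for long MSUs
    return bytes([0x00, fsn & 0x7F, li])   # BSN=0, BIB=0, FIB=0

def wrap(mtp3, fsn=0):
    """Prefix one MTP3 message with the fake Ethernet and MTP2 headers."""
    eth = FAKE_DST + FAKE_SRC + struct.pack("!H", ETHERTYPE_FAKE_MTP2)
    return eth + fake_mtp2_header(mtp3, fsn) + mtp3

def convert(lines):
    """Parse trace lines and wrap each message, numbering FSN sequentially."""
    payloads = [p for p in map(parse_hex_line, lines) if p]
    return [wrap(p, fsn=i) for i, p in enumerate(payloads)]

def to_pcap(frames, ts=0):
    """Serialise frames as a classic pcap byte string, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample input: arbitrary bytes standing in for two MTP3 messages.
SAMPLE = [
    "# constructed trace, not real s7_log output",
    "85 01 40 00 10 00 01 00 60 00",
    "",
    "c5:02:80:00:20:01",
]

if __name__ == "__main__":
    with open("fake_mtp2.pcap", "wb") as fh:
        fh.write(to_pcap(convert(SAMPLE)))
```

As in the message, the analyzer still has to be told to treat this EtherType as MTP2; the frames are not padded to the Ethernet minimum so that no trailing bytes follow the MTP3 data.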