w.barker@xxxxxxxxx, Ethereal development <ethereal-dev@xxxxxxxxxxxx> schrieb am 12.04.05 17:30:52:
>
> I have a synchronous adapter that supports X.25 and Synchronous PPP on
> Windows. I can dump the frames to a text file but would really like to
>
> 1) dump them in some common format (e.g. libpcap?) so that they can then
> subsequently be read and decoded by ethereal (off-line)
The libpcap format is really straightforward, you may have a look at the file wiretap\libpcap.h which includes the pcap_hdr (file header) and pcaprec_hdr (record header). Sorry, I don't have a file format spec at hand (BTW: it might be a good idea to add it to the Ethereal development wiki).
That might be the fastest way to get some results.
>
> 2) write a capture driver (presumably NDIS LAN)which can pass up copies of
> the frames in real-time thereby allowing ethereal to process them
> dynamically
Sounds like the best idea. In that case, you don't have to handle with the libpcap format, as libpcap/WinPcap will handle things for you.
Never done that myself, so no real help.
>
> I'm sure that this is quite straightforward (I've produce a fair few NDIS
> drivers before) but it would really help to have
>
> 1a) a sample X.25 and/or Sync PPP dump in libpcap format for me to study
> 1b) a definition of the file format together with details of the constants
> required to identify the frame (link and packet) types
>
> 2a) details of the header (pseudo-MAC?) that should be stuck on the front of
> the raw frames before the capture driver passes the packets up the stack
>
> Any help would be much appreciated?
>
Guy Harris might be able to give you more details...
Regards, ULFL
P.S: you might not send your password to this mailing list ;-)
______________________________________________________________
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193
