Ethereal-users: Re: [ethereal-users] More questions about Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Thu, 6 Jan 2000 10:17:44 -0800
> In some specifications I could read that the network card should be
> compatible with NDIS (Network Device Interface Specifications).

I don't think a network *card* is NDIS-compatible; NDIS is, as far as I
know, a software specification for network card device drivers, used in
various Microsoft-flavored OSes (I say "Microsoft-flavored" as I think
OS/2 uses it, and Microsoft are no longer involved in OS/2).

> As the name
> says, you're speaking about Network Device and not about other devices
> like V.24 device or ISDN device.

I'd consider an ISDN modem a network device - for that matter, as you
can run PPP over V.24, I'd consider a serial line a network device.  A
PPP implementation for, say, Windows, or an IP-over-ISDN/PPP-over-ISDN
implementation for Windows, would probably be written as an NDIS driver.

> I know that Ethereal doesn't run on a PC with a MS OS.

It doesn't do so *yet*.  There's a guy on the "ethereal-dev" list who's
built it, using a GTK+ port to Windows, the Cygwin tools, a port
of the libpcap library (which is the library we use to get at the OS's
raw packet capture mechanism), and a driver that uses NDIS to get a raw
packet capture mechanism on Windows NT, and used it to capture
packets on NT; however, the standard source code doesn't compile on
Windows.

> Is the analysis of PPP hardware-independent? Does your analyzer take
> control over NDIS only, or also over the V.24 device and ISDN device?
> 
> What I mean is: Is it possible to analyze PPP packets over V.24, ISDN or
> USB?

As noted, Ethereal gets access to the raw packet stream coming into the
machine, or going out of the machine, over a specific interface by using
the libpcap library; that library uses different mechanisms on different
OSes, as different OSes provide different mechanisms for that sort of
raw packet access.

The Linux version of that mechanism does let you capture PPP over serial
lines (if that's what V.24, "List of definitions for interchange
circuits between data terminal equipment (DTE) and data
circuit-terminating equipment (DCE)", describes); unfortunately, it
strips the PPP header from the frames before handing them to a program,
and, as such, you might *only* get to see IP packets, not packets for
other protocols - or, if you do see packets for other protocols, it may
not let you tell what protocols they're for.

If you're not going to be running IP over that PPP link, from a quick
look at the code in a 2.2[.x] kernel, I suspect it'd be possible to
patch the kernel not to "helpfully" hide the link-layer header.

That code also doesn't show LCP traffic; I suspect it'd also be possible
to patch it to pass that traffic on as well.

FreeBSD's PPP code, as I remember, looks as if it's a little better; I
don't think it hides the PPP header, but it may still hide LCP traffic.

Ethereal should be able to handle PPP-over-serial-lines, with the above
limitations, on Linux and FreeBSD.

I think it can also handle PPP-over-ISDN on FreeBSD; I have heard claims
that the libpcap library would need to be patched to handle
PPP-over-ISDN on Linux, but the site that purports to have patches
wasn't up when last I checked it, so I don't know what those patches
are.

As for PPP-over-USB, if the driver used for that properly supports the
"raw packet socket" mechanism Linux uses for raw packet capture,
Ethereal should support it, although it may require patches to libpcap
to do so.