Ethereal-users: Re: [ethereal-users] NetXray v 3.03 capture file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Thu, 27 Jan 2000 09:38:35 -0600

On Wed, Jan 26, 2000 at 09:11:40PM -0600, Tom Poe wrote:
> I've received a capture file from a customer generated by the NetXray
> version 3.03 sniffer.  Ethereal (v 0.81 and 0.82) understands that the file
> is a NetXray file, but complains with the message:  The file "/sprod.cap"
> is not a capture file in a format Ethereal understands.
> Here is the message from the console:
> Message: netxray: network type 3 unknown or unsupported
> Is there any way to tweak the Ethereal code or the NetXray file so I can
> decode it with Ethereal?

Yes. But you need to know what data link type the customer is using.

In ethereal/wiretap/netxray.c, there is a table that looks like this:

        static const int netxray_encap[] = {
                WTAP_ENCAP_ETHERNET,
                WTAP_ENCAP_TR,
                WTAP_ENCAP_FDDI_BITSWAPPED,
                WTAP_ENCAP_UNKNOWN,     /* WAN */
                WTAP_ENCAP_UNKNOWN,     /* LocalTalk */
                WTAP_ENCAP_UNKNOWN,     /* "DIX" - should not occur */
                WTAP_ENCAP_UNKNOWN,     /* ARCNET raw */
                WTAP_ENCAP_UNKNOWN,     /* ARCNET 878.2 */
                WTAP_ENCAP_UNKNOWN,     /* ATM */
                WTAP_ENCAP_UNKNOWN,     /* Wireless WAN */
                WTAP_ENCAP_UNKNOWN      /* IrDA */
        };

We commented type 3 (the 4th entry) as WAN, but returned an unknown
type. The different link types that wiretap can send back are in
ethereal/wiretap/wtap.h.

Do you know what link type the customer is using? If you need any
help, we'll be glad to help on ethereal-dev@xxxxxxxx. You probably
can't send us the customer's trace file, but if you can't figure out
what the link type is, a hex dump of the first few hundred bytes of
the file should be enough for us to figure it out.

But if you do get it working, please let us know so that we can
add the change to wiretap.

--gilbert