Ethereal-users: Re: [Ethereal-users] PPP data on Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Tue, 5 Dec 2000 00:07:00 -0800
On Mon, Dec 04, 2000 at 01:56:10PM -0800, Guy Harris wrote:
> > I am running Red Hat Linux 7.0 (Linux version 2.2.16-22) and Ethereal
> > 0.8.14. I have a dial-up connection to my ISP and I am trying to trace PPP
> > information using Ethereal. But I only see information starting at the IP
> > layer. How can I get the PPP information?
> 
> Erase your disks and install one of {Free,Net,Open}BSD, or possibly
> BSD/OS, on your machine.  (Solaris *might* work as well; I don't know.)

Well, there may be one other alternative, albeit one that may not be
very convenient.  The PPPD man page at

	http://nodevice.com/sections/ManIndex/man1206.html

says:

	record <filename>
	      Specifies that pppd should record all characters sent and
	      received to a file named <filename>.  This file is opened in
	      append mode, using the user's user-ID and permissions.  This
	      option is implemented using a pseudo-tty and a process to
	      transfer characters between the pseudo-tty and the real serial
	      device, so it will increase the latency and CPU overhead of
	      transferring data over the ppp interface.  The characters are
	      stored in a tagged format with timestamps, which can be
	      displayed in readable form using the pppdump(8) program.

Those dump files can also be read by Ethereal.

This isn't a simple capture you can start from Ethereal; I suspect that
you'd have to configure PPPD to log to a file before you call your ISP,
and then, after some amount of traffic has been written to the file, run
Ethereal on that file.  Any session being logged to the file will have
the extra overhead described in the PPPD man page, and the file might
also take a significant amount of disk space.
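
Added example, not part of the original message and not code from pppd or Ethereal: a minimal Python reader for the tagged, timestamped record file that the man page excerpt describes. The tag numbers and field widths are an assumption based on how pppd writes the file and pppdump reads it, and the sample bytes are constructed.

```python
import struct

# Tag bytes in a pppd "record" file (assumption: values as read by pppdump).
SENT, RCVD, END_SENT, END_RCVD, STEP_LONG, STEP_SHORT, RESET = 1, 2, 3, 4, 5, 6, 7

def parse_record(buf):
    """Return a list of (seconds, direction, data) tuples from a record buffer."""
    out, pos, now = [], 0, 0.0

    def take(n):
        # Read n bytes, refusing to run past the end of a cut-off file.
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated record at offset %d" % pos)
        chunk = buf[pos:pos + n]
        pos += n
        return chunk

    while pos < len(buf):
        tag = take(1)[0]
        if tag in (SENT, RCVD):
            # Two-byte big-endian length, then the raw serial-line characters.
            (length,) = struct.unpack(">H", take(2))
            out.append((now, "sent" if tag == SENT else "rcvd", take(length)))
        elif tag in (END_SENT, END_RCVD):
            out.append((now, "end-sent" if tag == END_SENT else "end-rcvd", b""))
        elif tag == STEP_LONG:
            # Time advance in tenths of a second, 32-bit.
            now += struct.unpack(">I", take(4))[0] / 10.0
        elif tag == STEP_SHORT:
            # Time advance in tenths of a second, 8-bit.
            now += take(1)[0] / 10.0
        elif tag == RESET:
            # Absolute time in seconds since the epoch.
            now = float(struct.unpack(">I", take(4))[0])
        else:
            raise ValueError("unknown tag %d at offset %d" % (tag, pos - 1))
    return out

# Constructed sample: time reset, 8 sent bytes, +0.3 s, 2 received bytes,
# +30.0 s, end of the sending side.
SAMPLE = (b"\x07" + struct.pack(">I", 975000000)
          + b"\x01\x00\x08" + bytes.fromhex("7eff7d23c0217d21")
          + b"\x06\x03" + b"\x02\x00\x02\x7e\xff"
          + b"\x05" + struct.pack(">I", 300) + b"\x03")

if __name__ == "__main__":
    for when, direction, data in parse_record(SAMPLE):
        print("%.1f %-8s %s" % (when, direction, data.hex()))
```

The data fields hold the raw characters from the serial line, so PPP frames still carry their async framing and escaping and may be split across records.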