Wireshark · Ethereal-users: Re: [Ethereal-users] more info on Ethereal

Ethereal-users: Re: [Ethereal-users] more info on Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Mon, 30 Apr 2001 11:42:20 -0700 (PDT)

> I am a Borland C++ Builder programmer and using windows 2000.
> _
> I want to write a"mini sniffer" for SECS / GEM tcp/ip protocol only! using
> C++ Builder...
> is it possible to use part of the "Ethereal" source code with my application
> ?

I guess it would be, but I'm not sure what the advantage of a
"mini-sniffer" would be here; if you just wrote a dissector for the
protocol in question, and added it to Ethereal as another protocol,
you'd have a sniffer that could dissect it *and* other protocols as
well.

You'd probably have a lot less work to do, as well, as you wouldn't have
to spend a lot of time figuring out how to remove all the parts of the
Ethereal source you don't want to use and, if necessary, put other stuff
in place of those parts.  (It might not be *as* hard if you only removed
protocol dissectors, not other parts of Ethereal, but you'd still have
to change Makefiles.)

However, I don't know whether it's possible to use Borland C++ to build
Ethereal; I don't think anybody's used anything other than Microsoft
Visual C++ and *maybe* CygWin GCC to build it.  If you want to use
Borland C++, you will probably have to make whatever changes are
necessary to get it to work, perhaps including writing whatever the
equivalent of Makefiles is if the MSVC++ "nmake" Makefiles won't work.

Note also that the WinPcap FAQ:

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

says:

	Q-8: Can I use WinPcap with Borland developing tools?

	A: We support only Microsoft developing tools.  Borland
	compilers need a .lib file whose format is different compared to
	the Microsoft one.  You can generate such a file by using a
	utility provided by Borland, by typing

                  implib -acf PacketBCB.lib packet.dll

	In case you are interested in Borland Delphi, you can contact
	Lars Peter Christiansen (http://home1.stofanet.dk/nitezhifter),
	Denmark.
	We do not know anything else about Borland C++ Builder.

	In any case, WinPcap 2.1 comes as dll (WPcap.dll) instead of
	static library.  This makes things much simpler.

You will, if you're trying to build a sniffer that can *capture* packets
rather than just read capture files, need to get WinPcap from

	http://netgroup-serv.polito.it/winpcap/

unless you use some other packet capture driver/library (in which case
you'll have to write your own code to use it).

> where can I get the source code ?

	http://www.ethereal.com/download.html#sources

and pick the mirror site nearest you (probably the Austrian mirror).

References:
- [Ethereal-users] more info on Ethereal
  - From: Nadav

Prev by Date: Re: [Ethereal-users] bus errone (core dumped)
Next by Date: Re: [Ethereal-users] m3ua displaying tags correctly ?
Previous by thread: [Ethereal-users] more info on Ethereal
Next by thread: [Ethereal-users] help
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$