Wireshark · Ethereal-users: Re: [Ethereal-users] Nettl trace files from hpux.

Ethereal-users: Re: [Ethereal-users] Nettl trace files from hpux.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Mon, 21 May 2001 21:35:54 -0700 (PDT)

> This was my thought as well. It looks like TCP packets aren't handled. I was
> just wondering if anybody else has tried ethereal to read nettl trace files
> successfully.

As far as I know, Olivier Abad, the person who contributed the nettl
code, has gotten Ethereal to read at least *some* nettl files
successfully.

The "README.hpux" file on the Ethereal source says:

	nettl is used on HP-UX to trace various streams based
	subsystems.  Ethereal can read nettl files containing IP frames
	(NS_LS_IP subsystem) and LAPB frames (SX25L2 subsystem).  It has
	been tested with files generated on HP-UX 9.04 and 10.20.

	Use the following commands to generate a trace (cf. nettl(1M)): 

	# IP capture. 0x30000000 means PDU in and PDU out :
	nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
	# X25 capture. You must specify an interface :
	nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
	# stop capture. subsystem is NS_LS_IP or SX25L2 :
	nettl -tf -e subsystem
  
	One may be able to specify "-tn pduin pduout" rather than "-tn
	0x30000000"; the nettl man page for HP-UX 10.30 implies that it
	should work.

I think he added support for HP-UX 11.00 after that comment was put in.

As the comment says, "Ethereal can read nettl files containing IP frames
(NS_LS_IP subsystem) and LAPB frames (SX25L2 subsystem)."  A recent
checking also added "Support for the BASE100 and GSC100BT subsystems",
but I don't know what "-e" flags you'd give to get frames from them -
perhaps "-e BASE100" and "-e GSC100BT".  I also don't know what other
command-line flags would be needed.

nettl files containing records from other subsystems can't be read.

> Thats a pity, I only mention this because in the 0.8.18 changelog there is a
> mention of a hpux plugin
> "The release adds IP fragment reassembly, plugin support on HPUX machines,

That's not mentioning an "HP-UX plugin" in the sense of a plugin module
that adds some sort of HP-UX support, it's mentioning that Ethereal now,
on HP-UX, can load plugin packet dissector modules (which are the only
types of plugins Ethereal currently supports).

Ethereal comes with two plugins - for MGCP and the protocol used by the
Gryphon device sold by the Dearborn Group.  Those plugins aren't HP-UX
specific - they're just modules that dissect the two protocols in
question.

References:
- RE: [Ethereal-users] Nettl trace files from hpux.
  - From: HJORTH,SHANE (HP-Australia,ex2)

Prev by Date: RE: [Ethereal-users] Nettl trace files from hpux.
Next by Date: RE: [Ethereal-users] Nettl trace files from hpux.
Previous by thread: RE: [Ethereal-users] Nettl trace files from hpux.
Next by thread: RE: [Ethereal-users] Nettl trace files from hpux.
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$