Wireshark · Ethereal-users: Re: [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem)

Ethereal-users: Re: [Ethereal-users] problem with reading AIX iptrace file (apparently giop crea

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Tue, 6 Nov 2001 18:53:00 -0800 (PST)

> The second IPTRACE file - various problems.  It has GIOP packets which
> apparently Ethereal has some problems with.  As I read the file in, I
> get several messages:
> 
> WARNING  giop: We don't yet dissect LOCATION_FORWARD
> 
> It does read the file, but I can't convert it into anything.  Except
> save under the different name, but only as another IPTRACE file (with
> this file, a pull-down menu shows only one option, IPTRACE 2.0.  Now
> another problem.  I've thought of filtering out the offending packets
> (with GIOP),

Those packets *aren't* what's causing your problem.

Ethereal's dissection function, and its capture file reading/writing
functions, are separate; when it writes out a capture file, it writes
out the raw packet data - whether there's something in the packet that
its dissection function can't handle is irrelevant.

(In fact, Ethereal comes with a program - editcap - which can also read
capture files in one format and write them in another; editcap does not
make *any* attempt whatsoever to dissect the contents of the packets.)

The most likely reasons why it only allows you to save the file as an
iptrace file are:

	1) the file has packets of more than one link-layer type -
	   iptrace's capture file format supports that, but other
	   capture file formats don't;

	2) the file has packets of only one link-layer type, but that's
	   a link-layer type not supported by the capture file format
	   you're trying to save as;

	3) the file has packets of only one link-layer type, and the
	   capture file format you're trying to save as supports it, but
	   Ethereal doesn't know how to write out a capture file in that
	   format with that link-layer type.

What link-layer types are in the second iptrace file?  Check all of the
packets - if, for example, some are Ethernet and some are token-ring,
you will probably not be able to save the file as anything other than an
iptrace file.  (Snoop and Sniffer, for example, can only handle one
link-layer type per file.)

References:
- [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem)
  - From: Porky Pig

Prev by Date: [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem)
Next by Date: [Ethereal-users] Ethereal question
Previous by thread: [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem)
Next by thread: [Ethereal-users] Ethereal question
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$