Ethereal-users: Re: [Ethereal-users] Snooping ethernet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Urwin <richard@xxxxxxxxxxxxxxx>
Date: Fri, 11 Jul 2003 15:34:59 +0100

On Friday 11 Jul 2003 1:10 pm, Mike Stickney wrote:
> I've encountered a problem with a hardware vendor that has created
> their own "transmission control protocol".
>
> I'm now stuck with trying to analyze what they changed.  The data
> link layer is still Ethernet (IEEE 802.3).  Can ethereal be used to
> capture and display the Ethernet frames as is or will it require
> modification? If modification is required is there any documentation
> overview available or will I need to reverse engineer the entire
> source code?

Ethereal will capture it. But you will have to filter it on the Ethernet 
(aka MAC) addresses of the two machines. I assume you were filtering on 
the IP addresses previously.

There is documentation in the source distribution on writing dissectors. 
See the doc/README.developer file in the first instance.

-- 
Richard Urwin
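
The MAC-address filtering suggested in the reply above, as an added example that is not part of the original message and is not Ethereal code: a stand-alone parser that keeps only frames exchanged between two Ethernet addresses and separates the header from the unknown payload, distinguishing an IEEE 802.3 length field from an Ethernet II type field. The function names, the MAC addresses and the sample frames are constructed for illustration; EtherType 0x88B5 (an IEEE local experimental value) stands in for the vendor's protocol.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Split a raw Ethernet frame into header fields and payload (hypothetical helper)."""
    if len(frame) < 14:                      # truncated header
        return None
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    (type_len,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if type_len == 0x8100:                   # 802.1Q tag: TCI, then the real type/length
        if len(frame) < 18:
            return None
        tci, type_len = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    payload = frame[offset:]
    if type_len <= 1500:                     # IEEE 802.3: field is a length, so drop padding
        kind, payload = "802.3 length", payload[:type_len]
    elif type_len >= 0x0600:                 # Ethernet II: field names the upper protocol
        kind = "Ethernet II type"
    else:                                    # 1501..1535 is undefined
        kind = "undefined"
    return {"dst": dst, "src": src, "kind": kind,
            "type_len": type_len, "vlan": vlan, "payload": payload}

def between(frames, mac_a, mac_b):
    """Keep frames sent in either direction between two MAC addresses."""
    pair = {mac_a.lower(), mac_b.lower()}
    parsed = (parse_frame(raw) for raw in frames)
    return [f for f in parsed if f and {f["src"], f["dst"]} == pair]

# Constructed sample frames (locally administered addresses, not real hosts).
A, B, C = (bytes.fromhex("02000000000" + n) for n in "123")
SAMPLE = [
    B + A + struct.pack("!H", 4) + b"\x01\x02\x03\x04" + bytes(42),   # 802.3, padded
    A + B + struct.pack("!H", 0x88B5) + b"HELLO",                     # Ethernet II
    A + C + struct.pack("!H", 0x0800) + bytes(20),                    # other host
    B + A + struct.pack("!HHH", 0x8100, 0x0064, 0x88B5) + b"\xaa",    # VLAN 100
    A + B[:4],                                                        # truncated
]

if __name__ == "__main__":
    for f in between(SAMPLE, "02:00:00:00:00:01", "02:00:00:00:00:02"):
        print(f["src"], "->", f["dst"], f["kind"], hex(f["type_len"]),
              "vlan", f["vlan"], f["payload"].hex())
```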