Ethereal-users: RE: [Ethereal-users] ethereal saving as dat file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ankur Aggarwal" <ankur@xxxxxxxxxxxxxxxxx>
Date: Thu, 14 Apr 2005 10:02:45 +0530
Harris

Thanks for your prompt reply.
1)	I already have a code which can extract and generate all the
radio/packet information in the .apc file and it can be easily
integrated to suit ethereal. But I am not sure how to interface it with
ethereal-0.10.10\wiretap\etherpeek.c while maintaining the legacy code.

2)	I already have the driver source code for our .11abg card which
could be modified to promiscuous mode. But I am still unsure of how to
interface it with ethereal. Is there some interface document/specifications?

3)       How do you set the .11a/b/g radio mode and channel number?

4)       In what format does my card/driver dump packets to the ethereal
and how does it inform about the packet arrival?

Regards,
Ankur

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, April 14, 2005 12:18 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] ethereal saving as dat file

Ankur Aggarwal wrote:

> I am also trying to do a similar exercise. Instead of the ethereal 
> dumping a binary .apc file,

Ethereal can't save files in Airopeek format; it doesn't have any code 
to do so.

> I would like it to publish a .csv file. 
> (this is already supported in Airopeek)
> 
> 1) Where do I make changes so that I can get it?

I don't know whether 0.10.10 has this, but the current source in the 
development tree supports "as CSV" as a submenu item under the "Export" 
menu item in the "File" menu.

> 2) how can I fix the definition of each of the field?

I.e., how do you control what values are written out?

It writes out the columns that are displayed in the packet list; it 
doesn't support writing arbitrary data values, just those that can be 
displayed there, such as source and destination addresses.

> I have been using Airopeek for the wireless captures and have been 
> trying recently to migrate to ethereal.

If you want to migrate from Airopeek to Ethereal for *capturing* 
wireless traffic, you might want to think about migrating from Windows 
to an operating system that isn't quite as unfriendly towards 
applications whose developers don't have the resources to write their 
own wireless card drivers, as Ethereal is such an application - we don't 
do our own wireless card drivers, and I doubt we ever will.

I.e., if you want to capture non-data 802.11 frames such as management 
or control frames, or you want to capture traffic for a BSS other than 
the one with which you're associated - or, depending on the type of 
wireless card you have, even if you just want to capture traffic other 
than traffic your machine receives or sends - you would have to switch 
to Linux or one of the free-software BSDs.

> This is one of the major 
> stumbling blocks which I am facing. Apart from that, how do I interface 
> Atheros or some other wireless card to this software?

By either

	1) writing your own driver for the card, complete with support for 
monitor mode, and writing utilities to put the card into monitor mode 
(and modifying WinPcap and Ethereal as necessary to use it, including 
support for getting 802.11 rather than fake Ethernet headers and getting 
radio information if you're interested);

	2) abandoning all hope of capturing non-data packets, of getting any 
"radio" information (signal strength, etc.) per packet, or of getting 
the raw 802.11 headers rather than fake Ethernet headers, and not 
capturing in monitor mode;

	3) abandoning Windows and using Linux or one of the free-software 
BSDs.

(Yes, "abandon all hope" is part of the translation of "Lasciate ogni 
speranza, voi ch'entrate".  There are those who would argue that, if 
you start trying to capture wireless traffic on Windows with an 
application that doesn't come with its own wireless driver, you are 
entering the location famed for having "Lasciate ogni speranza, voi 
ch'entrate" above its gates....)  (No pun intended with "gates", 
although that does bring to mind

	http://www.fourmilab.ch/documents/top10.html

.)

See

	http://wiki.ethereal.com/CaptureSetup_2fWLAN

for information on 802.11 captures on various OSes.
