Wireshark-users: Re: [Wireshark-users] Support for WAN / HDLC
Date: Mon, 18 Dec 2006 09:04:57 -0500
Guy, thanks very much for your reply.

We are considering adding dissectors for U100 & ALC (Airline Link Control, NOT Async Layered Coding) - both old protocols used in our airline data comm field, and of course we would give code for those dissectors back to the community.

You mentioned that dissectors for LAPB & FrameRelay already exist. I do not see those in my version of WireShark (I am running it under WindowsXP). Do I have to download any additional software?

I did a quick test, where I captured all the traffic on the Ethernet port of our device to a file (in libpcap format). As expected I could open the file with WireShark, and see all the packets, with the appropriate packet analysis (pretty sweet :-). Part of the data traffic was XOT (X.25 over TCP - RFC1613), and again the X.25 packets were appropriately decoded, i.e. the X.25 packet level dissector is installed.

Now if I were to do a similar test on our HDLC ports configured for X.25 or FrameRelay, what information would I have to put in the file header to tell WireShark that this is an X.25 or FrameRelay capture? I would assume that the answer has to do with the "network" field of the "pcap_hdr_t" structure, but ... what do I have to populate it with? Can it be done at all?

Another issue has to do with the requirement to capture traffic from multiple cards/ports (each data comm card in a chassis has 8 ports) to a single "capture entity". One of the cards in the chassis is a "system management card"; it runs Linux (this is where WireShark would run). We are thinking/considering making changes to the libpcap library on this card, to "expose" all the data comm ports on the other cards as "local interfaces" to WireShark, and this way be able to capture traffic from multiple ports at the same time. In the process, part of the libpcap library would have to be ported to the data comm cards to support run-time filtering ... etc.

Does this approach make sense? Has anybody done something like that before? Any potential problems? Is it doable?

Again any help/thoughts/ideas will be greatly appreciated.

Cheers.
Hubert

Hubert Miecznikowski
Senior Software Designer - SITA ADS, Solutions Engineering
777 Walkers Line
Burlington, ON L7N 2G1 Canada
TEL: 1-905-6815581
CVS: 7-282-5581
EMAIL: hubert.miecznikowski@xxxxxxxxx

From: Guy Harris <guy@xxxxxxxxxxxx>
Sent by: wireshark-users-bounces@wireshark.org
Date: 12/15/2006 06:24 PM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
cc:
Subject: Re: [Wireshark-users] Support for WAN / HDLC
Please respond to: Community support list for Wireshark <wireshark-users@wireshark.org>

On Dec 15, 2006, at 8:09 AM, Hubert.Miecznikowski@xxxxxxxxx wrote:

> Can WireShark be used for analyzing X.25, FrameRelay .... and other WAN
> protocols?

Yes. It includes dissectors for LAPB and X.25 PLP, and for the low-level Frame Relay protocol, and you can add more dissectors. (If you add them, you have to make the source code to the dissectors available to anybody who gets a copy of those dissectors, and must allow them to give the source code away to anybody they want to, without restrictions. Probably the best thing to do is to contribute the dissectors to the Wireshark code base, which means we can update them if any dissector programming interfaces change.)

The only tricky part would be if you used Wireshark to do the capturing. Whether it can capture traffic on a particular network type depends on whether the libpcap/WinPcap library can capture on that network type, and that, in turn, depends on the platform on which you're running, and the drivers for the network adapters.

If you don't use Wireshark, you would have to write the captured data to a file in a format that Wireshark can read; you can add new file formats to Wireshark if necessary (the same rules about the source code apply).

You'll probably have further questions in response to my message; if they involve making modifications to Wireshark, you might want to ask them on the wireshark-dev@xxxxxxxxxxxxx list.
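
Added example (not part of either message, and not Wireshark or libpcap code): a minimal writer for the libpcap file format discussed above, showing where the link-layer type goes in the "network" field of pcap_hdr_t for the Frame Relay case. The value 107 is LINKTYPE_FRELAY in the tcpdump.org link-layer type registry; the helper names, the output file name and the sample frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINKTYPE_FRELAY 107u  /* Frame Relay, per the tcpdump.org link-type registry */
typedef struct {              /* libpcap file header (pcap_hdr_t in the message above) */
    uint32_t magic_number;    /* 0xa1b2c3d4 in the writer's byte order; readers detect swapping */
    uint16_t version_major;   /* 2 */
    uint16_t version_minor;   /* 4 */
    int32_t  thiszone;        /* GMT offset, normally 0 */
    uint32_t sigfigs;         /* timestamp accuracy, normally 0 */
    uint32_t snaplen;         /* maximum bytes stored per frame */
    uint32_t network;         /* link-layer type of every frame in the file */
} pcap_hdr_t;
typedef struct { uint32_t ts_sec, ts_usec, incl_len, orig_len; } pcaprec_hdr_t;

/* Hypothetical helper: write the file header; returns bytes written, 0 if buf is too small. */
size_t pcap_put_header(uint8_t *buf, size_t cap, uint32_t network, uint32_t snaplen)
{
    pcap_hdr_t h = { 0xa1b2c3d4u, 2, 4, 0, 0, snaplen, network };
    if (cap < sizeof h) return 0;
    memcpy(buf, &h, sizeof h);
    return sizeof h;
}

/* Hypothetical helper: append one frame, truncated to snaplen; returns bytes written or 0. */
size_t pcap_put_frame(uint8_t *buf, size_t cap, uint32_t sec, uint32_t usec,
                      const uint8_t *frame, uint32_t len, uint32_t snaplen)
{
    uint32_t incl = len < snaplen ? len : snaplen;
    pcaprec_hdr_t r = { sec, usec, incl, len };   /* orig_len keeps the on-the-wire size */
    if (cap < sizeof r + incl) return 0;
    memcpy(buf, &r, sizeof r);
    memcpy(buf + sizeof r, frame, incl);
    return sizeof r + incl;
}

int main(void)
{
    /* Constructed sample: Q.922 address (DLCI 16), UI control, NLPID 0xCC, two payload bytes */
    static const uint8_t frame[] = { 0x04, 0x01, 0x03, 0xCC, 0x45, 0x00 };
    uint8_t out[128];
    size_t n = pcap_put_header(out, sizeof out, LINKTYPE_FRELAY, 65535);
    n += pcap_put_frame(out + n, sizeof out - n, 1166450697u, 0, frame, sizeof frame, 65535);
    FILE *f = fopen("frelay_sample.pcap", "wb");  /* assumed output name */
    if (!f) return 1;
    fwrite(out, 1, n, f);
    return fclose(f) != 0;
}
```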