PS: Forgot to add that you might find some interesting material here
http://www.cacetech.com/SHARKFEST.08/
On Thu, Dec 4, 2008 at 4:11 PM, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
>> Actually we are having our own E1 line with TDM connectivity. we are trying
>> to capture the E1 line, since wireshark cant recognize ISDN protocol,
>
> Wireshark supports dissection of ISDN. I think what you mean is that Wireshark
> doesn't (generally) support capture from E1 directly. If I understood
> you right,
> please have a look at question 7.5 at http://www.wireshark.org/faq.html
>
>> so we do have our own API provided with the E1 card. The API program is a C
>> program where the packets are captured in hexadecimal value in a command
>> line.
>
> In that case you might consider capturing the packets using the API you already
> have and reformatting the packet in libpcap format with a
> pseudo-header and feed it
> to Wireshark or tshark through named pipes. I have never really tried
> this myself, but
> I have read people on the developer list discuss this approach.
> Perhaps you will
> find something in the mailing list archives.
>
>> We are planning to use Java to run the API command internally in the
>> JAVA program and from the JAVA program we will send the captured hexadecimal
>> packets to wireshark through Jpcap.
>> And in the above scenario, if we send the captured packets through Jpcap
>> to wireshark, we need to send via Ethernet interface only, some time dummy
>> packets also be included in that interface, so we will not get the real
>> packets.
>>
>> The final query is we need to capture the TDM protocol and 3GPP protocol
>> in wireshark.
>> Can you please suggest me some good solution for this?
>
> Please see my suggestion above. I don't think the use of jpcap would
> be particularly
> useful in this case.
>