author | Guy Harris <guy@alum.mit.edu> | 2003-12-18 03:43:40 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2003-12-18 03:43:40 +0000 |
commit | a98aa75a5856d1e340413308ad1b0d24276a6a30 (patch) | |
tree | e5a7918889f0173117515e75f764154ae0c494a7 | |
parent | 7725f5e92de8e4aef6f5ad650b2ad70044e0b2ea (diff) |
WildPackets' EtherHelp appears to write EtherPeek-compatible files,
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.
svn path=/trunk/; revision=9342
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | doc/editcap.pod | 13 | ||||
-rw-r--r-- | doc/ethereal.pod | 13 | ||||
-rw-r--r-- | doc/mergecap.pod | 8 | ||||
-rw-r--r-- | doc/tethereal.pod | 4 | ||||
-rw-r--r-- | wiretap/etherpeek.c | 16 |
6 files changed, 37 insertions, 21 deletions
@@ -1,4 +1,4 @@ -$Id: README,v 1.62 2003/10/31 08:15:14 guy Exp $ +$Id: README,v 1.63 2003/12/18 03:41:00 guy Exp $ General Information ------- ----------- @@ -96,7 +96,7 @@ Microsoft Network Monitor AIX's iptrace Cinco Networks NetXRray Network Associates Windows-based Sniffer -AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek +AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp RADCOM's WAN/LAN Analyzer Lucent/Ascend access products HP-UX's nettl diff --git a/doc/editcap.pod b/doc/editcap.pod index 4304972b89..5b65a62325 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -29,12 +29,13 @@ B<LANalyzer> captures, Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from Network Associates Windows-based -B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> -captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> -router debug output, files from HP-UX's B<nettl>, the dump output from -B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD -project, the output in B<IPLog> format from the Cisco Secure Intrusion -Detection System, B<pppd logs> (pppdump format), the output from VMS's +B<Sniffer>, AG Group/WildPackets +B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures +from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output, +files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN +routers, the output from B<i4btrace> from the ISDN4BSD project, the +output in B<IPLog> format from the Cisco Secure Intrusion Detection +System, B<pppd logs> (pppdump format), the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from the B<DBS Etherwatch> VMS utility, traffic capture files from Visual Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output 
diff --git a/doc/ethereal.pod b/doc/ethereal.pod index 7af89c3979..200d723227 100644 --- a/doc/ethereal.pod +++ b/doc/ethereal.pod @@ -47,12 +47,13 @@ Novell B<LANalyzer> captures, Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from Network Associates Windows-based -B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> -captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> -router debug output, files from HP-UX's B<nettl>, the dump output from -B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD -project, the output in B<IPLog> format from the Cisco Secure Intrusion -Detection System, B<pppd logs> (pppdump format), the output from VMS's +B<Sniffer>, AG Group/WildPackets +B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures +from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output, +files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN +routers, the output from B<i4btrace> from the ISDN4BSD project, the +output in B<IPLog> format from the Cisco Secure Intrusion Detection +System, B<pppd logs> (pppdump format), the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from the B<DBS Etherwatch> VMS utility, traffic capture files from Visual Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output diff --git a/doc/mergecap.pod b/doc/mergecap.pod index e28a42a284..c7d104256e 100644 --- a/doc/mergecap.pod +++ b/doc/mergecap.pod 
@@ -26,9 +26,9 @@ captures, Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from Network Associates Windows-based B<Sniffer>, AG -Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures, -captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router -debug output, files from HP-UX's B<nettl>, the dump output from +Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> +captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> +router debug output, files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure Intrusion Detection System, B<pppd logs> (pppdump format), the output from VMS's @@ -42,7 +42,7 @@ need to tell B<Mergecap> what type of file you are reading; it will determine the file type by itself. B<Mergecap> is also capable of reading any of these file formats if they are compressed using gzip. B<Mergecap> recognizes this directly from the file; the '.gz' extension -is not required for this purpose. +is not required for this purpose. By default, it writes the capture file in B<libpcap> format, and writes all of the packets in both input capture files to the output file. The diff --git a/doc/tethereal.pod b/doc/tethereal.pod index 370836961a..db97351823 100644 --- a/doc/tethereal.pod +++ b/doc/tethereal.pod 
@@ -50,8 +50,8 @@ General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from Network Associates Windows-based B<Sniffer>, AG Group/WildPackets -B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures, captures from -B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output, +B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures +from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output, files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> format from the Cisco Secure Intrusion Detection diff --git a/wiretap/etherpeek.c b/wiretap/etherpeek.c index 13591ab523..53bd8f66f4 100644 --- a/wiretap/etherpeek.c +++ b/wiretap/etherpeek.c @@ -2,7 +2,7 @@ * Routines for opening EtherPeek (and TokenPeek?) files * Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net> * - * $Id: etherpeek.c,v 1.24 2003/10/01 07:11:46 guy Exp $ + * $Id: etherpeek.c,v 1.25 2003/12/18 03:43:40 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> 
@@ -163,6 +163,20 @@ int etherpeek_open(wtap *wth, int *err) &ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err); wth->data_offset += sizeof(ep_hdr.master); + /* + * It appears that EtherHelp (a free application from WildPackets + * that did blind capture, saving to a file, so that you could + * give the resulting file to somebody with EtherPeek) saved + * captures in EtherPeek format except that it ORed the 0x80 + * bit on in the version number. + * + * We therefore strip off the 0x80 bit in the version number. + * Perhaps there's some reason to care whether the capture + * came from EtherHelp; if we discover one, we should check + * that bit. + */ + ep_hdr.master.version &= ~0x80; + /* switch on the file version */ switch (ep_hdr.master.version) { |
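
Review bot: The doc/editcap.pod hunk at @@ -29,12 +29,13 @@ (and the identical one in doc/ethereal.pod) re-wraps the whole paragraph to add the single item B<EtherHelp>, so thirteen lines have to be compared by eye to confirm nothing else changed. The doc/tethereal.pod hunk makes the same addition with a two-line change, and the editcap and ethereal pages could be done the same way. The same list of supported formats is also edited in README and all four .pod files here, so every new format needs five parallel edits; generating these paragraphs from one shared source would remove that.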
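
Review bot: In the second doc/mergecap.pod hunk (@@ -42,7 +42,7 @@), the removed and added lines "is not required for this purpose." read the same, so this looks like a whitespace-only change that has nothing to do with EtherHelp support. It would be cleaner as a separate commit, or at least mentioned in the log message, so that the history for this file stays searchable by purpose.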
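
Review bot: In the wiretap/etherpeek.c hunk, `ep_hdr.master.version &= ~0x80;` overwrites the header field in place, so the bit that the new comment says we might later want to check is already gone by the time `switch (ep_hdr.master.version)` runs. Save the flag in a local first (for example a boolean set from `ep_hdr.master.version & 0x80`), switch on the masked value, and give 0x80 a named constant so its meaning is visible at the point of use. Because the mask is applied in etherpeek_open before the version switch, every version value with the 0x80 bit set is now treated exactly like its counterpart without it, which loosens what this reader accepts from an untrusted file header. It is worth confirming that the checks following the switch are strict enough to reject files that are not EtherPeek or EtherHelp captures but happen to carry such a value in that field.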