author | Guy Harris <guy@alum.mit.edu> | 1999-08-20 07:51:22 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 1999-08-20 07:51:22 +0000 |
commit | bcb5f49177c6d1b44c6cde269c9f82f99cf58990 (patch) | |
tree | 36e199811ea3e256d119c3d89e8e3f313ef44e0d /wiretap/README | |
parent | 942470521a435b88549eea873a04eb4c3eeee77f (diff) |
Remove the stuff about filters in Wiretap, as that capability was
removed when a more powerful display filtering mechanism was added to
Ethereal.
svn path=/trunk/; revision=525
Diffstat (limited to 'wiretap/README')
-rw-r--r-- | wiretap/README | 27 |
1 files changed, 6 insertions, 21 deletions
diff --git a/wiretap/README b/wiretap/README index ebcc9ca21b..0f05fc2c4e 100644 --- a/wiretap/README +++ b/wiretap/README @@ -1,4 +1,4 @@ -$Id: README,v 1.14 1999/03/28 18:32:01 gram Exp $ +$Id: README,v 1.15 1999/08/20 07:51:22 guy Exp $ Wiretap is a library that is being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. Libpcap is @@ -29,14 +29,14 @@ to a file, like Sniffer. 6. The packet-filter can be optimized for the host OS. Not all OSes have BPF; SunOS has NIT and Solaris has DLPI, which both use the CMU/Stanford -packet-filter psuedomachine. RMON has another type of packet-filter syntax +packet-filter pseudomachine. RMON has another type of packet-filter syntax which we could support. Wiretap is very good at reading many file formats, as per #2 -above. Display filters are now appearing in wiretap, but they are -still basic. Development is continuing on the BPF compiler, so display -filters will continue to be enhanced. Please read the README.filters file for -information regarding the syntax of wiretap filters. +above. Wiretap has no filter capability at present; it currently doesn't +support packet capture, so it wouldn't be useful there, and filtering +when reading a capture file is done by Ethereal, using a more powerful +filtering mechanism than that provided by BPF. File Formats 
@@ -57,21 +57,6 @@ If you have an ATM Sniffer file, both Guy and Gilbert would be *very* interested in receiving a sample. (see 'AUTHORS' file for our e-mail addresses). -ATM sniffers are claimed by the manual to record a mixture of cells and -frames; there's currently no "raw ATM" encapsulation in wiretap to allow -us to return that directly, so we assume that the traffic of interest is -all LANE or all RFC 1483 traffic, search in the file for the first AAL5 -frame that's either LANE or RFC 1483, set the encapsulation based on -which of those we saw, and discard all non-AAL5 cells as well as AAL5 -frames not of the specified type. We also discard the 2-byte LANE -header at the front of the frame, leaving only the emulated Ethernet or -Token Ring frame. - -Given that wiretap now returns packet encapsulation types on a -per-packet basis, we could, instead, discard all non-AAL5 cells and AAL5 -frames that are neither LANE nor RFC 1483, and return the appropriate -encapsulation for the packet as we read it. - LANalyzer --------- The LANalyzer format is available from http://www.novell.com. Search their |
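Review bot: In the @@ -29,14 +29,14 @@ hunk, the pointer to README.filters is deleted, but this view is limited to wiretap/README, so it is not visible whether that file was removed as well. If README.filters is still in the tree, it now describes a filter syntax that the new paragraph says Wiretap no longer has, and it should be removed or updated in the same change. The replacement wording "it currently doesn't support packet capture, so it wouldn't be useful there" is also ambiguous about what "it" and "there" refer to; stating directly that capture-time filtering does not apply because Wiretap does not capture packets would read more clearly. The unchanged item 6 just above still says "The packet-filter can be optimized for the host OS", which sits oddly next to "Wiretap has no filter capability at present" and may need a qualifier.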
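Review bot: The @@ -57,21 +57,6 @@ hunk deletes two paragraphs about ATM Sniffer handling that have nothing to do with filters, and the commit message ("Remove the stuff about filters in Wiretap") does not mention them. The removed text documented that the reader discards all non-AAL5 cells, AAL5 frames that are not the detected LANE or RFC 1483 type, and the 2-byte LANE header. Anyone analysing an ATM capture needs to know that records are dropped silently, so if the code still behaves this way the paragraphs should stay. If the behaviour changed (for example to the per-packet encapsulation approach the second paragraph proposes), say so in the commit message and replace the text with a description of the current behaviour rather than removing it.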