author | Guy Harris <guy@alum.mit.edu> | 1999-01-30 09:44:21 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 1999-01-30 09:44:21 +0000 |
commit | 755e008e0d22288d576c2441e6ebf046438c3ae3 (patch) | |
tree | a425434c0a3c0ab8865ac4040378436a7ad6e7e7 /wiretap | |
parent | 7cae0c6bd339c59b607568368e3fdfdda305d38d (diff) |
Correct and expand the discussion of ATM Sniffer captures.
svn path=/trunk/; revision=179
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/README | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/wiretap/README b/wiretap/README index bca62afb69..f934cc69b5 100644 --- a/wiretap/README +++ b/wiretap/README @@ -1,4 +1,4 @@ -$Id: README,v 1.8 1999/01/27 14:54:09 gram Exp $ +$Id: README,v 1.9 1999/01/30 09:44:21 guy Exp $ Wiretap is a library that is being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. Libpcap is @@ -51,9 +51,22 @@ Sniffer manuals tend to document only the format for the Sniffer model they document. Token-Ring and ethernet seems to work well, though. If you have an ATM Sniffer file, both Guy and I would be *very* interested in receiving a sample. (see 'AUTHORS' file for our e-mail -addresses). When using LANE, the ATM Sniffer appears to record the emulated -LAN information; that is, only the ethernet or token-ring information is -stored in the trace file, not any information about ATM cells. +addresses). + +ATM sniffers are claimed by the manual to record a mixture of cells and +frames; there's currently no "raw ATM" encapsulation in wiretap to allow +us to return that directly, so we assume that the traffic of interest is +all LANE or all RFC 1483 traffic, search in the file for the first AAL5 +frame that's either LANE or RFC 1483, set the encapsulation based on +which of those we saw, and discard all non-AAL5 cells as well as AAL5 +frames not of the specified type. We also discard the 2-byte LANE +header at the front of the frame, leaving only the emulated Ethernet or +Token Ring frame. + +Given that wiretap now returns packet encapsulation types on a +per-packet basis, we could, instead, discard all non-AAL5 cells and AAL5 +frames that are neither LANE nor RFC 1483, and return the appropriate +encapsulation for the packet as we read it. LANalyzer --------- |
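Review bot: in the second hunk (@@ -51,9 +51,22 @@), the new ATM paragraph says the reader will "search in the file for the first AAL5 frame that's either LANE or RFC 1483" but never says what happens when the file contains neither; please state the outcome so a user can tell an unsupported capture from an empty one. The same paragraph should also say that non-AAL5 cells and AAL5 frames of the other type are dropped without notice, since anyone analysing a mixed LANE and RFC 1483 trace will otherwise assume the displayed packets are the complete capture. Two smaller points: the added text writes "ATM sniffers" where the surrounding lines use the product name "ATM Sniffer", and the closing "we could, instead, ..." paragraph reads as a pending design change, so marking it as a to-do would keep readers from taking it as current behaviour.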