Wireshark · Ethereal-dev: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files

Ethereal-dev: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Fri, 3 Dec 1999 21:20:30 -0800 (PST)

Wiretap can now write "snoop" and Network Monitor 1.x capture files, as
well as "libpcap" files (at least for Ethernet, Token Ring, and FDDI; I
don't know how other packet types are encapsulated, and I don't know
whether "snoop" or the NetMon I have support the other types).

Currently no program uses it other than the version of "editpcap" I
hacked up to hardcode "snoop" and then NetMon as the output type, to
test it.

The mechanism is extensible to support other capture file formats as
well; add "XXX_dump_open()", "XXX_dump()", and "XXX_dump_close()"
routines to the "XXX.c" file, declare "XXX_dump_open()" in the "XXX.h"
file, and add entries to "dump_open_table[]" in "file.c".

NetMon didn't like the NFS packets from Gilbert's capture any more than
"snoop" or Ethereal did.  Current score: network analyzers 3, Linux
2.2.14-pre10 NFS client code 0. :-)

Follow-Ups:
- Re: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files
  - From: Gilbert Ramirez

Prev by Date: Re: [ethereal-dev] Short packets / Bad data
Next by Date: [ethereal-dev] Protocol being descendent from other protocols
Previous by thread: Re: [ethereal-dev] Short packets / Bad data
Next by thread: Re: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files
Index(es):
- Date
- Thread