On Tue, Jun 04, 2002 at 07:36:07AM +0800, darren wrote:
> I have got a legacy "bit-stream" capture card that I would like to use
> with ethereal. Unfortunately, it is not a network interface and thus I
> cannot use it directly.
>
> The card captures network data and saves them into a file and contains
> packets starting with the "0x7e" byte, Ethernet header, and then the IP
> packet.
Ethernet header? 0x7e sounds like an HDLC framing bit sequence
(especially given that you refer to it as "the" 0x7e byte, which makes
it sound as if it's some sort of standard expected value); is this
some flavor of Ethernet over HDLC? Or did you mean "PPP header", or
"Cisco HDLC header", or some other flavor of link-layer header?
Note that if this is HDLC framing, you might also have to deal with
removing stuffed bits or bytes. Ethereal expects an Ethernet packet not
to have HDLC stuffed bits, or async-PPP stuffed bytes, in the middle of
it.
> I understand that to use ethereal to dissect this data, I need to follow
> its format.whats the best way to convert this kind of data into those
> usable by ethereal??
>
> Is writing a dumb program to spoof the tcpdump file and packet header
> the only way?
That's the only way I know of - and it's a good way to do it, as it
means that your captures can be read by *any* program that reads
libpcap-format capture files, not just by Ethereal.
