On Thu, Aug 01, 2002 at 03:32:27PM -0400, Randy Truitt wrote:
> I downloaded the atm capture file (atm_capture1.cap) listed on the samples
> page, and it doesn't appear to have any link layer protocol detail for ATM.
>
> Am I missing something?
Yes, you're missing the fact that there are many types of ATM captures.
With most if not all BSD ATM drivers, the only traffic you get from ATM
captures is LLC-encapsulated traffic, and you only get an 802.2 LLC
header and the headers above it. The OS doesn't supply any ATM
"pseudo-header" containing information such as the VPI and VCI.
With Linux, you may get only classical IP traffic, with only an IP
header and the headers above it, or you might (with later versions of
libpcap) get a "cooked mode" capture, but you still won't get any ATM
information, as the OS doesn't supply it.
With SunATM on Solaris, the current CVS version of libpcap can supply an
ATM pseudo-header and, I think, all the traffic (or, at least, all the
data traffic). No released version of libpcap supports that yet,
however. (You also need the latest version of Ethereal for that;
0.8.19, which is a Really Old Version, doesn't support that.)
In addition, Sun's atmsnoop can capture traffic that Ethereal can read;
it uses the same mechanisms that libpcap does, so you would get an ATM
pseudo-header.
You can also capture traffic with ATM pseudo-headers with:
the old DOS-based ATM Sniffer from Network Associates;
IBM's iptrace on AIX;
possibly Microsoft's Network Monitor on Windows;
and Ethereal can read that.
