WildPackets' EtherHelp appears to write EtherPeek-compatible files, except that the 0x80 bit is turned on in the file version number field. Turn that bit off before processing that field.

svn path=/trunk/; revision=9342
parent
7725f5e92d
commit
a98aa75a58
4
README
|
@ -1,4 +1,4 @@
|
|||
$Id: README,v 1.62 2003/10/31 08:15:14 guy Exp $
|
||||
$Id: README,v 1.63 2003/12/18 03:41:00 guy Exp $
|
||||
|
||||
General Information
|
||||
------- -----------
|
||||
|
@ -96,7 +96,7 @@ Microsoft Network Monitor
|
|||
AIX's iptrace
|
||||
Cinco Networks NetXRray
|
||||
Network Associates Windows-based Sniffer
|
||||
AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek
|
||||
AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp
|
||||
RADCOM's WAN/LAN Analyzer
|
||||
Lucent/Ascend access products
|
||||
HP-UX's nettl
|
||||
|
|
|
@ -29,12 +29,13 @@ B<LANalyzer> captures, Network General/Network Associates DOS-based
|
|||
B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network
|
||||
Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
|
||||
B<NetXRay> captures, captures from Network Associates Windows-based
|
||||
B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>
|
||||
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
|
||||
router debug output, files from HP-UX's B<nettl>, the dump output from
|
||||
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
||||
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
||||
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
||||
B<Sniffer>, AG Group/WildPackets
|
||||
B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
|
||||
from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
||||
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
||||
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
||||
System, B<pppd logs> (pppdump format), the output from VMS's
|
||||
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
|
||||
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
|
||||
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
|
||||
|
|
|
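Review bot: the supported-formats paragraph in this hunk is rewrapped across eight lines just to insert B<EtherHelp>, and the same paragraph is edited again in the later hunks at -47,12, -26,9 and -50,8, each copy wrapped differently. With several hand-maintained copies of one list, the next format addition can easily miss one. Consider keeping the list in a single shared fragment, or at least inserting the new name without reflowing so that each diff shows only the line that actually changed.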
@ -47,12 +47,13 @@ Novell B<LANalyzer> captures, Network General/Network Associates
|
|||
DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft
|
||||
B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
|
||||
B<NetXRay> captures, captures from Network Associates Windows-based
|
||||
B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>
|
||||
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
|
||||
router debug output, files from HP-UX's B<nettl>, the dump output from
|
||||
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
||||
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
||||
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
||||
B<Sniffer>, AG Group/WildPackets
|
||||
B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
|
||||
from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
||||
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
||||
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
||||
System, B<pppd logs> (pppdump format), the output from VMS's
|
||||
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
|
||||
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
|
||||
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
|
||||
|
|
|
@ -26,9 +26,9 @@ captures, Network General/Network Associates DOS-based B<Sniffer>
|
|||
(compressed or uncompressed) captures, Microsoft B<Network Monitor>
|
||||
captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay>
|
||||
captures, captures from Network Associates Windows-based B<Sniffer>, AG
|
||||
Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures,
|
||||
captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router
|
||||
debug output, files from HP-UX's B<nettl>, the dump output from
|
||||
Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>
|
||||
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
|
||||
router debug output, files from HP-UX's B<nettl>, the dump output from
|
||||
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
||||
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
||||
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
||||
|
@ -42,7 +42,7 @@ need to tell B<Mergecap> what type of file you are reading; it will
|
|||
determine the file type by itself. B<Mergecap> is also capable of
|
||||
reading any of these file formats if they are compressed using gzip.
|
||||
B<Mergecap> recognizes this directly from the file; the '.gz' extension
|
||||
is not required for this purpose.
|
||||
is not required for this purpose.
|
||||
|
||||
By default, it writes the capture file in B<libpcap> format, and writes
|
||||
all of the packets in both input capture files to the output file. The
|
||||
|
|
|
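Review bot: the removed and added lines in this hunk both read "is not required for this purpose.", so the only difference is invisible whitespace, which has nothing to do with EtherHelp support. Either drop this hunk from the commit or mention the whitespace cleanup in the commit message so the change is not mistaken for a content edit.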
@ -50,8 +50,8 @@ General/Network Associates DOS-based B<Sniffer> (compressed or
|
|||
uncompressed) captures, Microsoft B<Network Monitor> captures, files
|
||||
from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from
|
||||
Network Associates Windows-based B<Sniffer>, AG Group/WildPackets
|
||||
B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures, captures from
|
||||
B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||
B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
|
||||
from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
||||
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
||||
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Routines for opening EtherPeek (and TokenPeek?) files
|
||||
* Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net>
|
||||
*
|
||||
* $Id: etherpeek.c,v 1.24 2003/10/01 07:11:46 guy Exp $
|
||||
* $Id: etherpeek.c,v 1.25 2003/12/18 03:43:40 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
@ -163,6 +163,20 @@ int etherpeek_open(wtap *wth, int *err)
|
|||
&ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err);
|
||||
wth->data_offset += sizeof(ep_hdr.master);
|
||||
|
||||
/*
|
||||
* It appears that EtherHelp (a free application from WildPackets
|
||||
* that did blind capture, saving to a file, so that you could
|
||||
* give the resulting file to somebody with EtherPeek) saved
|
||||
* captures in EtherPeek format except that it ORed the 0x80
|
||||
* bit on in the version number.
|
||||
*
|
||||
* We therefore strip off the 0x80 bit in the version number.
|
||||
* Perhaps there's some reason to care whether the capture
|
||||
* came from EtherHelp; if we discover one, we should check
|
||||
* that bit.
|
||||
*/
|
||||
ep_hdr.master.version &= ~0x80;
|
||||
|
||||
/* switch on the file version */
|
||||
switch (ep_hdr.master.version) {
|
||||
|
||||
|
|
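Review bot: "ep_hdr.master.version &= ~0x80;" is applied unconditionally just before "switch (ep_hdr.master.version)", so any input whose version byte has the high bit set is now treated exactly like a genuine EtherPeek file, which loosens the check that decides whether this reader claims the file. Suggest copying the original bit into a local before masking, since the comment itself anticipates wanting to know whether the capture came from EtherHelp, and giving 0x80 a named constant instead of a bare literal. It would also be worth confirming, with a deliberately malformed file, that the remaining header checks still reject non-EtherPeek input once the bit is stripped.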