forked from osmocom/wireshark
WildPackets' EtherHelp appears to write EtherPeek-compatible files,
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.

svn path=/trunk/; revision=9342
This commit is contained in:
parent
7725f5e92d
commit
a98aa75a58
4
README
|
@ -1,4 +1,4 @@
|
||||||
$Id: README,v 1.62 2003/10/31 08:15:14 guy Exp $
|
$Id: README,v 1.63 2003/12/18 03:41:00 guy Exp $
|
||||||
|
|
||||||
General Information
|
General Information
|
||||||
------- -----------
|
------- -----------
|
||||||
|
@ -96,7 +96,7 @@ Microsoft Network Monitor
|
||||||
AIX's iptrace
|
AIX's iptrace
|
||||||
Cinco Networks NetXRray
|
Cinco Networks NetXRray
|
||||||
Network Associates Windows-based Sniffer
|
Network Associates Windows-based Sniffer
|
||||||
AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek
|
AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp
|
||||||
RADCOM's WAN/LAN Analyzer
|
RADCOM's WAN/LAN Analyzer
|
||||||
Lucent/Ascend access products
|
Lucent/Ascend access products
|
||||||
HP-UX's nettl
|
HP-UX's nettl
|
||||||
|
|
|
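Review bot: The context line "Cinco Networks NetXRray", two entries above the changed one in this hunk, is misspelled; the man page hunks in this same commit spell the product B<NetXRay>. Since the list is being edited anyway, fix the spelling here so the README and the man pages agree.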
@ -29,12 +29,13 @@ B<LANalyzer> captures, Network General/Network Associates DOS-based
|
||||||
B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network
|
B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network
|
||||||
Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
|
Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
|
||||||
B<NetXRay> captures, captures from Network Associates Windows-based
|
B<NetXRay> captures, captures from Network Associates Windows-based
|
||||||
B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>
|
B<Sniffer>, AG Group/WildPackets
|
||||||
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
|
B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
|
||||||
router debug output, files from HP-UX's B<nettl>, the dump output from
|
from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||||
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
||||||
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
||||||
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
||||||
|
System, B<pppd logs> (pppdump format), the output from VMS's
|
||||||
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
|
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
|
||||||
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
|
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
|
||||||
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
|
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
|
||||||
|
|
|
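Review bot: Inserting B<EtherHelp> at the "AG Group/WildPackets" line re-wraps every following line of the paragraph down to "System, B<pppd logs>", so a one-word addition shows up as nine changed lines and the real edit is hard to spot. The -26,9 hunk later in this commit makes the same addition with a much smaller re-wrap; doing the same here would keep the diff reviewable.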
@ -47,12 +47,13 @@ Novell B<LANalyzer> captures, Network General/Network Associates
|
||||||
DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft
|
DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft
|
||||||
B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
|
B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
|
||||||
B<NetXRay> captures, captures from Network Associates Windows-based
|
B<NetXRay> captures, captures from Network Associates Windows-based
|
||||||
B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>
|
B<Sniffer>, AG Group/WildPackets
|
||||||
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
|
B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
|
||||||
router debug output, files from HP-UX's B<nettl>, the dump output from
|
from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||||
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
||||||
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
||||||
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
||||||
|
System, B<pppd logs> (pppdump format), the output from VMS's
|
||||||
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
|
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
|
||||||
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
|
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
|
||||||
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
|
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
|
||||||
|
|
|
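Review bot: This paragraph gets the same edit as the ones at -29,12, -26,9 and -50,8, which shows the supported-format list is maintained by hand in several documents. Each copy is a chance to miss an entry the next time a format is added; consider keeping the list in one place and including it, or at least note in the commit message which files must be kept in sync.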
@ -26,9 +26,9 @@ captures, Network General/Network Associates DOS-based B<Sniffer>
|
||||||
(compressed or uncompressed) captures, Microsoft B<Network Monitor>
|
(compressed or uncompressed) captures, Microsoft B<Network Monitor>
|
||||||
captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay>
|
captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay>
|
||||||
captures, captures from Network Associates Windows-based B<Sniffer>, AG
|
captures, captures from Network Associates Windows-based B<Sniffer>, AG
|
||||||
Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures,
|
Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>
|
||||||
captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router
|
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
|
||||||
debug output, files from HP-UX's B<nettl>, the dump output from
|
router debug output, files from HP-UX's B<nettl>, the dump output from
|
||||||
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
|
||||||
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
project, the output in B<IPLog> format from the Cisco Secure Intrusion
|
||||||
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
Detection System, B<pppd logs> (pppdump format), the output from VMS's
|
||||||
|
@ -42,7 +42,7 @@ need to tell B<Mergecap> what type of file you are reading; it will
|
||||||
determine the file type by itself. B<Mergecap> is also capable of
|
determine the file type by itself. B<Mergecap> is also capable of
|
||||||
reading any of these file formats if they are compressed using gzip.
|
reading any of these file formats if they are compressed using gzip.
|
||||||
B<Mergecap> recognizes this directly from the file; the '.gz' extension
|
B<Mergecap> recognizes this directly from the file; the '.gz' extension
|
||||||
is not required for this purpose.
|
is not required for this purpose.
|
||||||
|
|
||||||
By default, it writes the capture file in B<libpcap> format, and writes
|
By default, it writes the capture file in B<libpcap> format, and writes
|
||||||
all of the packets in both input capture files to the output file. The
|
all of the packets in both input capture files to the output file. The
|
||||||
|
|
|
@ -50,8 +50,8 @@ General/Network Associates DOS-based B<Sniffer> (compressed or
|
||||||
uncompressed) captures, Microsoft B<Network Monitor> captures, files
|
uncompressed) captures, Microsoft B<Network Monitor> captures, files
|
||||||
from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from
|
from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from
|
||||||
Network Associates Windows-based B<Sniffer>, AG Group/WildPackets
|
Network Associates Windows-based B<Sniffer>, AG Group/WildPackets
|
||||||
B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures, captures from
|
B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
|
||||||
B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
|
||||||
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
|
||||||
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
routers, the output from B<i4btrace> from the ISDN4BSD project, the
|
||||||
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
output in B<IPLog> format from the Cisco Secure Intrusion Detection
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
* Routines for opening EtherPeek (and TokenPeek?) files
|
* Routines for opening EtherPeek (and TokenPeek?) files
|
||||||
* Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net>
|
* Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net>
|
||||||
*
|
*
|
||||||
* $Id: etherpeek.c,v 1.24 2003/10/01 07:11:46 guy Exp $
|
* $Id: etherpeek.c,v 1.25 2003/12/18 03:43:40 guy Exp $
|
||||||
*
|
*
|
||||||
* Wiretap Library
|
* Wiretap Library
|
||||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||||
|
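Review bot: The file header in this hunk still reads "Routines for opening EtherPeek (and TokenPeek?) files" while the README and man pages in the same commit now list EtherHelp as a supported source. Only the $Id line changes here; add EtherHelp to the header description so the source file documents what it now accepts.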
@ -163,6 +163,20 @@ int etherpeek_open(wtap *wth, int *err)
|
||||||
&ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err);
|
&ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err);
|
||||||
wth->data_offset += sizeof(ep_hdr.master);
|
wth->data_offset += sizeof(ep_hdr.master);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* It appears that EtherHelp (a free application from WildPackets
|
||||||
|
* that did blind capture, saving to a file, so that you could
|
||||||
|
* give the resulting file to somebody with EtherPeek) saved
|
||||||
|
* captures in EtherPeek format except that it ORed the 0x80
|
||||||
|
* bit on in the version number.
|
||||||
|
*
|
||||||
|
* We therefore strip off the 0x80 bit in the version number.
|
||||||
|
* Perhaps there's some reason to care whether the capture
|
||||||
|
* came from EtherHelp; if we discover one, we should check
|
||||||
|
* that bit.
|
||||||
|
*/
|
||||||
|
ep_hdr.master.version &= ~0x80;
|
||||||
|
|
||||||
/* switch on the file version */
|
/* switch on the file version */
|
||||||
switch (ep_hdr.master.version) {
|
switch (ep_hdr.master.version) {
|
||||||
|
|
||||||
|
|
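Review bot: `ep_hdr.master.version &= ~0x80;` clears the flag unconditionally and keeps no record of it, so nothing after this point can tell an EtherHelp capture from an EtherPeek one, which the new comment itself says may turn out to matter. Consider saving the bit before clearing it (for example a local set from `ep_hdr.master.version & 0x80`) and giving 0x80 a named constant rather than a bare literal. Because this header is read from the file being opened, the mask also means every version value handled by `switch (ep_hdr.master.version)` is now accepted with the high bit set as well, so confirm that the switch still rejects every value it does not explicitly handle.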