WildPackets' EtherHelp appears to write EtherPeek-compatible files,
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.

svn path=/trunk/; revision=9342
This commit is contained in:
Guy Harris 2003-12-18 03:43:40 +00:00
parent 7725f5e92d
commit a98aa75a58
6 changed files with 37 additions and 21 deletions
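The commit message above describes a reader that dispatches on a version byte taken from an untrusted file, where one vendor variant ORs a flag bit into that byte. The following C block is an added example, not Wiretap's code or any code from this commit: it normalizes the version byte, records the flag before discarding it, and accepts only versions from a known table. The table `{5, 6, 7}`, the function names and the sample bytes are constructed for the example and are not taken from Wiretap's own switch statement.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not Wiretap's code: handling a vendor variant that ORs a
 * flag bit into a format's version field.  EtherHelp writes EtherPeek-format
 * files with 0x80 set in the master-header version byte, so a reader must
 * clear that bit before dispatching on the version.  The accepted-version
 * table below is a constructed sample, not Wiretap's real list.
 */
#define ETHERHELP_FLAG 0x80u

static const uint8_t known_versions[] = { 5, 6, 7 };   /* constructed sample */

/* Version number with the EtherHelp flag bit cleared. */
uint8_t peek_base_version(uint8_t raw_version)
{
    return (uint8_t)(raw_version & ~ETHERHELP_FLAG);
}

/* Record the flag before it is thrown away, so a later check can use it
 * without re-reading the header. */
bool peek_is_etherhelp(uint8_t raw_version)
{
    return (raw_version & ETHERHELP_FLAG) != 0;
}

/* Dispatch only on versions the reader actually knows.  Anything else is
 * rejected rather than guessed at, because the byte comes from an
 * untrusted file and an unknown layout must not be parsed as a known one. */
bool peek_version_known(uint8_t raw_version)
{
    uint8_t v = peek_base_version(raw_version);
    for (size_t i = 0; i < sizeof known_versions / sizeof known_versions[0]; i++) {
        if (known_versions[i] == v)
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed sample version bytes: plain EtherPeek, EtherHelp, unknown. */
    const uint8_t samples[] = { 0x07, 0x87, 0x89 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint8_t raw = samples[i];
        printf("raw 0x%02x: base version %u, from EtherHelp: %s, accepted: %s\n",
               raw, peek_base_version(raw),
               peek_is_etherhelp(raw) ? "yes" : "no",
               peek_version_known(raw) ? "yes" : "no");
    }
    return 0;
}
```

The point of separating the three functions is that the origin flag survives normalization: the reader can still tell an EtherHelp file apart later, while the version switch only ever sees a value from the known table.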

README
View File

@ -1,4 +1,4 @@
$Id: README,v 1.62 2003/10/31 08:15:14 guy Exp $ $Id: README,v 1.63 2003/12/18 03:41:00 guy Exp $
General Information General Information
------- ----------- ------- -----------
@ -96,7 +96,7 @@ Microsoft Network Monitor
AIX's iptrace AIX's iptrace
Cinco Networks NetXRray Cinco Networks NetXRray
Network Associates Windows-based Sniffer Network Associates Windows-based Sniffer
AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp
RADCOM's WAN/LAN Analyzer RADCOM's WAN/LAN Analyzer
Lucent/Ascend access products Lucent/Ascend access products
HP-UX's nettl HP-UX's nettl
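Review bot: the Cinco Networks line in this hunk's context still reads "NetXRray", a pre-existing typo; the manual pages touched by this same commit spell it "NetXRay". Since the list is already being edited here, correct it to "Cinco Networks NetXRay" so the README matches the documentation.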

View File

@ -29,12 +29,13 @@ B<LANalyzer> captures, Network General/Network Associates DOS-based
B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network
Monitor> captures, files from AIX's B<iptrace>, Cinco Networks Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
B<NetXRay> captures, captures from Network Associates Windows-based B<NetXRay> captures, captures from Network Associates Windows-based
B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> B<Sniffer>, AG Group/WildPackets
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
router debug output, files from HP-UX's B<nettl>, the dump output from from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
project, the output in B<IPLog> format from the Cisco Secure Intrusion routers, the output from B<i4btrace> from the ISDN4BSD project, the
Detection System, B<pppd logs> (pppdump format), the output from VMS's output in B<IPLog> format from the Cisco Secure Intrusion Detection
System, B<pppd logs> (pppdump format), the output from VMS's
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output

View File

@ -47,12 +47,13 @@ Novell B<LANalyzer> captures, Network General/Network Associates
DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft DOS-based B<Sniffer> (compressed or uncompressed) captures, Microsoft
B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks B<Network Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
B<NetXRay> captures, captures from Network Associates Windows-based B<NetXRay> captures, captures from Network Associates Windows-based
B<Sniffer>, AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> B<Sniffer>, AG Group/WildPackets
captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
router debug output, files from HP-UX's B<nettl>, the dump output from from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
project, the output in B<IPLog> format from the Cisco Secure Intrusion routers, the output from B<i4btrace> from the ISDN4BSD project, the
Detection System, B<pppd logs> (pppdump format), the output from VMS's output in B<IPLog> format from the Cisco Secure Intrusion Detection
System, B<pppd logs> (pppdump format), the output from VMS's
B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
the B<DBS Etherwatch> VMS utility, traffic capture files from Visual the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output

View File

@ -26,9 +26,9 @@ captures, Network General/Network Associates DOS-based B<Sniffer>
(compressed or uncompressed) captures, Microsoft B<Network Monitor> (compressed or uncompressed) captures, Microsoft B<Network Monitor>
captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay>
captures, captures from Network Associates Windows-based B<Sniffer>, AG captures, captures from Network Associates Windows-based B<Sniffer>, AG
Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures, Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>
captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
debug output, files from HP-UX's B<nettl>, the dump output from router debug output, files from HP-UX's B<nettl>, the dump output from
B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
project, the output in B<IPLog> format from the Cisco Secure Intrusion project, the output in B<IPLog> format from the Cisco Secure Intrusion
Detection System, B<pppd logs> (pppdump format), the output from VMS's Detection System, B<pppd logs> (pppdump format), the output from VMS's
@ -42,7 +42,7 @@ need to tell B<Mergecap> what type of file you are reading; it will
determine the file type by itself. B<Mergecap> is also capable of determine the file type by itself. B<Mergecap> is also capable of
reading any of these file formats if they are compressed using gzip. reading any of these file formats if they are compressed using gzip.
B<Mergecap> recognizes this directly from the file; the '.gz' extension B<Mergecap> recognizes this directly from the file; the '.gz' extension
is not required for this purpose. is not required for this purpose.
By default, it writes the capture file in B<libpcap> format, and writes By default, it writes the capture file in B<libpcap> format, and writes
all of the packets in both input capture files to the output file. The all of the packets in both input capture files to the output file. The
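Review bot: every visible line of this hunk reads identically on both sides, so the change here appears to be whitespace or line-ending only. Confirm it is intentional rather than an editor's trailing-whitespace edit; if it is not needed for the EtherHelp change, drop it to keep the commit focused.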

View File

@ -50,8 +50,8 @@ General/Network Associates DOS-based B<Sniffer> (compressed or
uncompressed) captures, Microsoft B<Network Monitor> captures, files uncompressed) captures, Microsoft B<Network Monitor> captures, files
from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from
Network Associates Windows-based B<Sniffer>, AG Group/WildPackets Network Associates Windows-based B<Sniffer>, AG Group/WildPackets
B<EtherPeek>/B<TokenPeek>/B<AiroPeek> captures, captures from B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output, from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
routers, the output from B<i4btrace> from the ISDN4BSD project, the routers, the output from B<i4btrace> from the ISDN4BSD project, the
output in B<IPLog> format from the Cisco Secure Intrusion Detection output in B<IPLog> format from the Cisco Secure Intrusion Detection

View File

@ -2,7 +2,7 @@
* Routines for opening EtherPeek (and TokenPeek?) files * Routines for opening EtherPeek (and TokenPeek?) files
* Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net> * Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net>
* *
* $Id: etherpeek.c,v 1.24 2003/10/01 07:11:46 guy Exp $ * $Id: etherpeek.c,v 1.25 2003/12/18 03:43:40 guy Exp $
* *
* Wiretap Library * Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -163,6 +163,20 @@ int etherpeek_open(wtap *wth, int *err)
&ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err); &ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err);
wth->data_offset += sizeof(ep_hdr.master); wth->data_offset += sizeof(ep_hdr.master);
/*
* It appears that EtherHelp (a free application from WildPackets
* that did blind capture, saving to a file, so that you could
* give the resulting file to somebody with EtherPeek) saved
* captures in EtherPeek format except that it ORed the 0x80
* bit on in the version number.
*
* We therefore strip off the 0x80 bit in the version number.
* Perhaps there's some reason to care whether the capture
* came from EtherHelp; if we discover one, we should check
* that bit.
*/
ep_hdr.master.version &= ~0x80;
/* switch on the file version */ /* switch on the file version */
switch (ep_hdr.master.version) { switch (ep_hdr.master.version) {
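Review bot: `ep_hdr.master.version &= ~0x80;` discards the only evidence that the file came from EtherHelp, even though the comment directly above it says that origin may matter later. Capture the bit before clearing it, e.g. `from_etherhelp = (ep_hdr.master.version & 0x80) != 0;`, so a future check does not have to re-read the header. Clearing the bit unconditionally also means a file with an unrecognised version plus 0x80 takes the same path as an unrecognised plain version, so it is worth confirming that the switch's default case rejects the file rather than assuming an EtherPeek layout. The file header comment, "Routines for opening EtherPeek (and TokenPeek?) files", should also mention EtherHelp now that the README and manual pages list it.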