wireshark/wiretap
Gilbert Ramirez 5174440b33 I gave Guy the credit he deserves.
svn path=/trunk/; revision=112
1998-11-20 05:54:39 +00:00
acconfig.h Add "acconfig.h" to make the "auto*" stuff happy. 1998-11-15 00:32:01 +00:00
aclocal.m4 More patches from Guy to make wiretap compile better. I definitely 1998-11-13 03:21:20 +00:00
AUTHORS I gave Guy the credit he deserves. 1998-11-20 05:54:39 +00:00
buffer.c More patches from Guy, cleaning up warnings when using gcc -Wall. 1998-11-12 23:29:34 +00:00
buffer.h I added the LANalyzer file format to wiretap. I cleaned up some code in the 1998-11-12 06:01:27 +00:00
ChangeLog A lengthy patch to add the wiretap library. Wiretap is not used by default 1998-11-12 00:06:47 +00:00
config.h.in More patches from Guy to make wiretap compile better. I definitely 1998-11-13 03:21:20 +00:00
configure * Added patches from Laurent and Guy 1998-11-18 03:01:44 +00:00
configure.in Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
COPYING I added the LANalyzer file format to wiretap. I cleaned up some code in the 1998-11-12 06:01:27 +00:00
debug.h A lengthy patch to add the wiretap library. Wiretap is not used by default 1998-11-12 00:06:47 +00:00
file.c Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
INSTALL A lengthy patch to add the wiretap library. Wiretap is not used by default 1998-11-12 00:06:47 +00:00
lanalyzer.c Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
lanalyzer.h I added the LANalyzer file format to wiretap. I cleaned up some code in the 1998-11-12 06:01:27 +00:00
libpcap.c Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
libpcap.h Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
Makefile * Don't build wiretap if it isn't configured. 1998-11-18 04:02:17 +00:00
Makefile.am Add the header files to "libwiretap_a_SOURCES", so they get included if 1998-11-17 05:34:29 +00:00
Makefile.in Add the header files to "libwiretap_a_SOURCES", so they get included if 1998-11-17 06:16:52 +00:00
NEWS A lengthy patch to add the wiretap library. Wiretap is not used by default 1998-11-12 00:06:47 +00:00
ngsniffer.c Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
ngsniffer.h Now that I know where to find the file format of Sniffer trace files, wiretap 1998-11-13 05:57:39 +00:00
README Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
snoop.c Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
snoop.h Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
wtap.c Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00
wtap.h Add support to wiretap for reading Sun "snoop" capture files. 1998-11-15 05:29:17 +00:00

$Id: README,v 1.3 1998/11/15 05:29:05 guy Exp $

Wiretap is a library that is being developed as a future replacement for
libpcap, the current standard Unix library for packet capturing. Libpcap is
great in that it is very platform-independent and has a wonderful BPF
optimizing engine. But it has some shortcomings as well. These shortcomings
came to a head during the development of Ethereal (http://ethereal.zing.org),
a packet analyzer. As a result, I began developing wiretap so that:

1. The library can easily be amended with new packet filtering objects.
Libpcap is very TCP/IP-oriented. I want to filter on IPX objects, SNA objects,
etc. I also want any decent programmer to be able to add new filters to the
library.

2. The library can read file formats from many packet-capturing utilities.
Libpcap only reads Libpcap files.

3. The library can capture on more than one network interface at a time, and
save this trace in one file.

4. Network names can be resolved immediately after a trace and saved in the
trace file. That way, I can ship a trace of my firewall-protected network to a
colleague, and he'll see the proper hostnames for the IP addresses in the
packet capture, even though he doesn't have access to the DNS server behind my
LAN's firewall.

5. I want to look into the possibility of compressing packet data when saved
to a file, like Sniffer.

Currently, only #2 is available. Wiretap doesn't even do any filtering yet. It
can only be used to read packet capture files.

File Formats
============

Libpcap
-------
The "libpcap" file format was determined by reading the "libpcap" code;
wiretap reads the "libpcap" file format with its own code, rather than
using the "libpcap" library's code to read it.

Sniffer
-------
The Sniffer format, at least for Token-Ring, is documented in the
Sniffer manual.  Unfortunately, each Sniffer manual tends to document only
the format used by the Sniffer model that manual covers.

LANalyzer
---------
The LANalyzer format is available from http://www.novell.com. Search their
knowledge base for "Trace File Format". The code in wiretap so far only dumps
the packet data; I have yet to decode the timestamp for each packet. At least
I have the format for this, so it will be supported soon.

"snoop"
-------
The Solaris 2.x "snoop" program's format is documented in RFC 1761.
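As an added example (not wiretap's own snoop.c), the following walks the RFC 1761 "snoop" layout from an in-memory buffer: an 8-byte magic, a 32-bit version and a 32-bit datalink type, followed by packet records whose six big-endian 32-bit header fields are checked against each other and against the buffer before anything is trusted. The sample bytes are constructed for this example.

```c
/* Added example, not wiretap's own code: a bounds-checked walk over the
 * Sun "snoop" capture layout from RFC 1761, parsed from a memory buffer. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#define SNOOP_FILE_HDR 16u  /* 8-byte magic, 32-bit version, 32-bit datalink */
#define SNOOP_REC_HDR  24u  /* six big-endian 32-bit fields per packet record */

static uint32_t rd32be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
/* Returns the number of well-formed packet records, or -1 if the file
 * header is bad or any record is truncated or has inconsistent lengths.
 * Every length is checked against the buffer before it is used. */
int snoop_count_packets(const uint8_t *buf, size_t len) {
    static const uint8_t magic[8] = { 's', 'n', 'o', 'o', 'p', 0, 0, 0 };
    if (len < SNOOP_FILE_HDR || memcmp(buf, magic, 8) != 0) return -1;
    if (rd32be(buf + 8) != 2) return -1;         /* RFC 1761 is version 2 */
    size_t off = SNOOP_FILE_HDR;
    int count = 0;
    while (off < len) {
        if (len - off < SNOOP_REC_HDR) return -1; /* truncated record header */
        uint32_t incl   = rd32be(buf + off + 4);  /* bytes of data present */
        uint32_t reclen = rd32be(buf + off + 8);  /* header + data + pad */
        if (reclen < SNOOP_REC_HDR || reclen - SNOOP_REC_HDR < incl) return -1;
        if (reclen > len - off) return -1;        /* record runs past EOF */
        off += reclen;
        count++;
    }
    return count;
}
/* Constructed sample: Ethernet (type 4) file with one 4-byte packet. */
const uint8_t snoop_sample[] = {
    's','n','o','o','p',0,0,0,  0,0,0,2,  0,0,0,4,           /* file header */
    0,0,0,4,  0,0,0,4,  0,0,0,28,  0,0,0,0,                  /* lens, drops */
    0x36,0x5e,0x0b,0x2f,  0,0,0,0,  0xde,0xad,0xbe,0xef      /* ts, data */
};
/* Same file, but the record claims 255 data bytes inside a 28-byte record. */
const uint8_t snoop_bad_incl[] = {
    's','n','o','o','p',0,0,0,  0,0,0,2,  0,0,0,4,
    0,0,0,4,  0,0,0,0xff,  0,0,0,28,  0,0,0,0,
    0x36,0x5e,0x0b,0x2f,  0,0,0,0,  0xde,0xad,0xbe,0xef
};
int main(void) {
    printf("good: %d\n", snoop_count_packets(snoop_sample, sizeof snoop_sample));
    printf("bad:  %d\n", snoop_count_packets(snoop_bad_incl, sizeof snoop_bad_incl));
    return 0;
}
```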

Gilbert Ramirez
<gram@verdict.uthscsa.edu>