Sounds like pcap is the way to go.
Thanks for your fast response time. These things are funny. I send tons of
mail to big professional network compoanies. = no response or dumb response.
Then i post 1 message on a freeware mailinglist, and i get the response i
need the next day. WOW.
Keep it up.
Peter, Intel, Denmark
----- Original Message -----
From: "Guy Harris" <gharris@xxxxxxxxxxxx>
To: <donpedro@xxxxxx>
Cc: <ethereal-dev@xxxxxxxxxxxx>
Sent: Friday, December 22, 2000 10:24 PM
Subject: Re: [Ethereal-dev] Flexible file formats
> On Fri, Dec 22, 2000 at 05:05:07PM +0100, Peter Dons Tychsen wrote:
> > I am creating a packet trace (sniffer) function for a series of
> > routers. The router supports many different interfaces (ISDN/WAN/LAN)
> > and protcols (IP/TCP/PPP/HLDC....). In what file format should i save
> > the output in to be as compatible with ethereal as possible. What
> > format is most flexible?
>
> As Gilbert suggested, libpcap format is probably the best choice. One
> of the things that makes it flexible is that libpcap is open source and
> actively being developed.
>
> Currently, the link-layer formats it supports (other than those that are
> "software-defined", such as DLT_NULL, which is used for loopback
> devices) include:
>
> Ethernet
>
> Token Ring
>
> FDDI
>
> SLIP
>
> PPP (several different flavors, depending on what parts of the
> header show up; the one you want may be DLT_PPP_SERIAL, which
> originally came from NetBSD, and which can be used either for
> traffic with a PPP header or for traffic with a Cisco
> point-to-point HDLC header as described in section 4.3.1 of RFC
> 1547)
>
> IEEE 802.11 wireless LAN