From: Paul Ionescu
Sent: Saturday, January 06, 2001 7:28 AM
> I have attached to this email a initial dissector for frame relay.
> It is not complete because it is in an early stage.
> Unfortunately I have no capture of frame relay to probe the dissector.
> I had to "probe" the dissector by temporary binding it to some tcp port
> and put in some data in that stream with "nc"
> I don't know if right now is possible to capture some frame-relay
> packets in linux with tcpdump.
>
>If anybody has a capture of frame relay please send me one.
>
>For this to work, there must be added in wiretap/wtap.h a line
>containing
>
>#define WTAP_ENCAP_FR whatever is the last number available (maybe
20
>for now)
Interesting, I also hacked a Frame relay dissector last week. Mine is very
similar to yours.
I was concerned about the protocols running on Frame Relay and the
Multi-protocol defined
in RFC-2427 seems to be the standard. You should consult
http://www.frforum.com for
more information. Or search http://www.ibm.com for the key words 'Frame
Relay Guide'.
I also hacked the ngsniffer.c file to accept frame relay decodes from our
NAI sniffers.
My may concern is the Wellfleet compression protocol. We run this on our
frame links and
can't decode the data with our NAI sniffers. Last week I received a copy of
the NAI Sniffer 4.5
and it decodes the basic headers. I have examined the data packets from
some traces
and determined that the uncompress packet can be decoded as a multi-protocol
packet,
at least, the IP portion. I have coded a WCP dissector that will do this
and plan to investigate
how to decompress the other packets.
Jeff Foster
jfoste@xxxxxxxxxxxx