On Dec 21, 2003, at 5:04 AM, Ben Peddell wrote:
I'm trying to find a libpcap protocol where Ethereal recognizes the
direction, but no luck yet.
The "BSD/OS PPP" header might contain that, at least from looking at
tcpdump's code to print it. However, I don't have a BSD/OS system on
which to check that (or even to find out what the values of the offsets
of fields in the BSD/OS PPP header are, e.g. SLC_DIR for the
direction).
I know that converting pppdump format directly to libpcap format
(specifically using the PPP link layer) through Ethereal gets rid of
the direction bit, so I've made a perl script that converts the
pppdump output into a libpcap file masquerading as PPPoES under SLL
(currently _without_ the help of libpcap). But Ethereal still
complains that the direction is unknown (even though sent packets
become "Sent by us" and received packets become "Unicast to us" in the
SLL header) when it encounters VJ Compressed packets ("PPPoES VJ
compressed TCP (direction unknown)").
It wasn't setting "pinfo->p2p_dir" in the "Linux cooked" dissector.
I've checked in a change to do so (note that it won't set it for
"promiscuously received" packets, as those packets were neither sent
nor received by the capturing machine, so it doesn't know the
direction).
The attached patch contains that change. Try building Ethereal from
source with that change.
Attachment:
patch
Description: Binary data