[Jim Harvey <jim.harvey@xxxxxxxxxxx>]

Let me add that I would be very interested in hearing from anyone who
knows about high speed serial support in Linux/Ethereal.  We have SONET
analyzers that export the overhead data channel to a
V.11/V.35/RS422/RS449 - some sort of balanced, synchronous port.  This
interface is also used in Wide Area Network applications at T1 or E1
speed but I have not seen Linux drivers.  Perhaps I just don't know
where to look.  Can anyone on this list point me to information on Linux
WAN support?

I have had good results using Ethereal on the Ethernet side of these
multiplexers and it would be a great help to be able to see the bit
stream on the optical side as well.  Thanks, BTW for adding the
additonal ISIS support in the latest version (which I did not see
mentioned in the release notes).

JLeMay@xxxxxxxxx wrote:
> 
> Last I checked OS/2 Warp 4 (and probably Aurora and WSOD as well) was still
> using NDIS 3.0 compliant drivers. IBM never jumped on the NDIS 4 bandwagon,
> AFAIK.
> 
> -----Original Message-----
> From: Guy Harris [mailto:gharris@xxxxxxxxxxxx]
> Sent: Thursday, January 06, 2000 1:18 PM
> To: Christoph Burger
> Cc: Ethereal Users
> Subject: Re: [ethereal-users] More questions about Ethereal
> 
> > In some secifications I could read that the network card should be
> > compatible with NDIS (Network Device Interface Secifications).
> 
> I don't think a network *card* is NDIS-compatible; NDIS is, as far as I
> know, a sofware specification for network card device drivers, used in
> various Microsoft-flavored OSes (I say "Microsoft-flavored" as I think
> OS/2 uses it, and Microsoft are no longer involved in OS/2).
> 
> > As it the name
> > says, you're speaking about Network Device and not about other devices
> > like V.24
> > device or ISDN device.
> 
> I'd consider an ISDN modem a network device - for that matter, as you
> can run PPP over V.24, I'd consider a serial line a network device.  A
> PPP implementation for, say, Windows, or an IP-over-ISDN/PPP-over-ISDN
> implementation for Windows, would probably be written as an NDIS driver.
> 
> > I know that Ethereal doesn't run on a PC with a MS OS.
> 
> It doesn't do so *yet*.  There's a guy on the "ethereal-dev" list who's
> built it, using a GTK+ port to Windows and the Cygwin tools and a port
> of the libpcap library (which is the library we use to get at the OS's
> raw packet capture mechanism) and a driver that uses NDIS to get a raw
> packet capture mechanism on Windows, on NT, and used it to capture
> packets on NT; however, the standard source code doesn't compile on
> Windows.
> 
> > Is the analyze of PPP hardware independent? Does your analyzer take over
> > control over NDIS only or also over V.24 device and ISDN device?
> >
> > What I mean is: Is it possible to analyze PPP packets over V.24, ISDN or
> > USB?
> 
> As noted, Ethereal gets access to the raw packet stream coming into the
> machine, or going out of the machine, over a specific interface by using
> the libpcap library; that library uses different mechanisms on different
> OSes, as different OSes provide different mechanisms for that sort of
> raw packet access.
> 
> The Linux version of that mechanism does let you capture PPP over serial
> lines (if that's what V.24, "List of definitions for interchange
> circuits between data terminal equipment (DTE) and data
> circuit-terminating equipment (DCE)" describes); unfortunately, it
> strips the PPP header from the frames before handing them to a program,
> and, as such, you might *only* get to see IP packets, not packets for
> other protocols - or, if you do see packets for other protocols, it may
> not let you tell what protcols they're for.
> 
> If you're not going to be running IP over that PPP link, from a quick
> look at the code in a 2.2[.x] kernel, I suspect it'd be possible to
> patch the kernel not to "helpfully" hide the link-layer header.
> 
> That code also doesn't show LCP traffic; I suspect it'd also be possible
> to patch it to pass that traffic on as well.
> 
> FreeBSD's PPP code, as I remember, looks as if it's a little better; I
> don't think it hides the PPP header, but it may still hide LCP traffic.
> 
> Ethereal should be able to handle PPP-over-serial-lines, with the above
> limitations, on Linux and FreeBSD.
> 
> I think it can also handle PPP-over-ISDN on FreeBSD; I have heard claims
> that the libpcap library would need to be patched to handle
> PPP-over-ISDN on Linux, but the site that purports to have patches
> wasn't up when last I checked it, so I don't know what those patches
> are.
> 
> As for PPP-over-USB, if the driver used for that properly supports the
> "raw packet socket" mechanism Linux uses for raw packet capture,
> Ethereal should support it, although it may require patches to libpcap
> to do so.
-- 
Jim Harvey - Tellabs Operations Inc. - SAT