> I've been looking high and low for something that would allow me to look
> at raw packet header information. Thought I was going to have to write
> something myself with libpcap (shudder!) until I stumbled upon Ethereal.
>
> Downloaded and installed Ethereal 0.8.2; this thing kicks! Unfortunately,
> I need to run it remotely from a customer's box, and then view the results
> locally. I was hoping to use tethereal for this,

To dissect, or just to capture? "tcpdump" can also be used to capture,
although you may want to give it a flag such as "-s 65535" to get all
the packet data (Ethereal and Tethereal default to that).

> but it crashes almost immediately upon invocation:

Apply the attached patch to "tethereal.c", rebuild, and try again.

> Also, I'm not sure if tethereal can provide the level of detail that
> Ethereal does?

If by "detail" you mean "detailed analysis of the fields within a
packet", it can - in fact, the only choices it offers when dissecting
and printing are 1) print the summary line for each packet or 2) print
the *entire* tree out, fully expanded, giving *all* the detail that
Ethereal does. (You do get to choose whether to have it also print the
hex/ascii raw dump of the packet.)
Index: tethereal.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/tethereal.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -c -r1.15 -r1.16
*** tethereal.c 2000/01/24 05:13:45 1.15
--- tethereal.c 2000/01/26 05:30:02 1.16
***************
*** 457,462 ****
--- 457,468 ----
void (*oldhandler)(int);
int err, inpkts;
char errmsg[1024+1];
+
+ /* Initialize the table of conversations. */
+ conversation_init();
+
+ /* Initialize protocol-specific variables */
+ init_all_protocols();
ld.linktype = WTAP_ENCAP_UNKNOWN;
ld.pdh = NULL;
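Review bot: The two comments above conversation_init() and init_all_protocols() only restate the function names and do not say why the calls are needed here, even though the message presents this patch as the fix for a crash almost immediately upon invocation. Suggest a short comment stating that this state must be initialized before any packet is dissected, so a later refactor does not drop or reorder the calls. Since the hunk touches only the one function around line 457, it is also worth confirming that any other path in tethereal.c that hands packets to the dissectors makes the same two calls. Minor style: "Initialize protocol-specific variables" is missing the closing period that the first comment has.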