Ethereal-users: Re: [ethereal-users] Issues with Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 17 Aug 2000 16:12:47 -0700 (PDT)
> Windows 2000 reports that it is debugging the
> crash and writing information to a file, but I usually click cancel and just
> restart Ethereal.  I could try to locate the output of the debug file and
> forward it on if it would be of any help.  

It probably would be of help; the more information supplied for any
problem, the greater the likelihood that it can be solved.

> Also, is there any way to modify the output of the "Info" column to display
> the nature of the LLC connection command type (XID, RR, SABM, TEST, etc) or
> is it possible to add another column to the display that would show these
> commands?

Not without a source distribution and a compiler - and, even there, it
wouldn't do any good except for packets where Ethereal doesn't know the
protocol running atop LLC; the "Info" column shows only information for
the highest-level protocol that Ethereal dissects.

> Also, we use a packet capture program here called Win Pharoh.  Is there any
> possibility that Ethereal will provide the ability (it currently does not) to
> open the capture files generated by this program?

*If* we had

	1) information about the file format for WinPharoah

and

	2) capture files on which to test it

there is a possibility that we could get Ethereal to read its capture
files.

Without 1), it'd be more difficult, as we'd have to reverse-engineer the
format, which might require more than one capture file, and would almost
certainly require a dissection of the file from WinPharoah (so that we
know, for example, what the packets in the file are *supposed* to be,
allowing us to figure out where various time stamp, packet size, etc.
header fields are, figure out where the link-layer header begins, etc.).

As is usually the case, the vendor's Web site has a bunch of shiny
glossy brochures at

	http://www.gnnettest.com/pages/wp.htm

but no obvious "here's what our capture files look like" documents.
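
The reverse-engineering approach described above, as an added example that is not part of the original message: given a capture file in an undocumented format plus the packet bytes taken from a dissection of the same capture, locate each packet and search the bytes in front of it for a field that equals the packet length in every record. The sample file, its 8-byte record header and all function names are constructed for the demonstration and are not WinPharoah's format.

```python
import struct

def build_sample():
    """Constructed sample: 16-byte file header, then records of
    <u32 timestamp, u16 length, u16 flags> followed by the packet bytes."""
    packets = [b"\xaa" * 20, b"\xbb" * 33, b"\xcc" * 17]  # "known" packets
    blob = b"DEMOCAP\x00" + bytes(8)
    for i, pkt in enumerate(packets):
        blob += struct.pack("<IHH", 966553967 + i, len(pkt), 1) + pkt
    return blob, packets

def locate_packets(blob, packets):
    """Return the file offset of each known packet, searching in order."""
    offsets, pos = [], 0
    for pkt in packets:
        pos = blob.index(pkt, pos)  # ValueError if a packet is not in the file
        offsets.append(pos)
        pos += len(pkt)
    return offsets

def record_header_size(offsets, packets):
    """Bytes between the end of one packet and the start of the next,
    or None if the gap is not constant (variable-length headers, padding)."""
    gaps = {offsets[i + 1] - (offsets[i] + len(packets[i]))
            for i in range(len(packets) - 1)}
    return gaps.pop() if len(gaps) == 1 else None

def find_length_fields(blob, offsets, packets, max_header=32):
    """Return (bytes_before_packet, struct_format) pairs where the integer
    at that position equals the packet length for every known packet."""
    hits = []
    for fmt in ("<H", ">H", "<I", ">I"):  # 16/32-bit, little/big endian
        width = struct.calcsize(fmt)
        for back in range(width, max_header + 1):
            if all(off >= back and
                   struct.unpack_from(fmt, blob, off - back)[0] == len(pkt)
                   for off, pkt in zip(offsets, packets)):
                hits.append((back, fmt))
    return hits

if __name__ == "__main__":
    blob, packets = build_sample()
    offsets = locate_packets(blob, packets)
    print("packet offsets:", offsets)
    print("per-record header size:", record_header_size(offsets, packets))
    print("length field candidates:", find_length_fields(blob, offsets, packets))
```

Packets of differing lengths are what make the match unambiguous; with a single capture of same-sized packets, several positions can fit, which is why more than one capture file may be needed.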