> Windows 2000 reports that it is debugging the
> crash and writing information to a file, but I usually click cancel and just
> restart Ethereal. I could try to locate the output of the debug file and
> forward it on if it would be of any help.
It probably would be of help; the more information supplied for any
problem, the greater the likelihood that it can be solved.
> Also, is there any way to modify the output of the "Info" column to display
> the nature of the LLC connection command type (XID, RR, SABM, TEST, etc) or
> is it possible to add another column to the display that would show these
> commands?
Not without a source distribution and a compiler - and, even there, it
wouldn't do any good except for packets where Ethereal doesn't know the
protocol running atop LLC; the "Info" column shows only information for
the highest-level protocol that Ethereal dissects.
> Also, we use a packet capture program here called Win Pharoh. I there any
> possibilty that Ethereal will provide the ability (it currently does not) to
> open the capture files generated by this program?
*If* we had
1) information about the file format for WinPharoah
and
2) capture files on which to test it
there is a possibility that we could get Ethereal to read its capture
files.
Without 1), it'd be more difficult, as we'd have to reverse-engineer the
format, which might require more than one capture file, and would almost
certainly require a dissection of the file from WinPharoah (so that we
know, for example, what the packets in the file are *supposed* to be,
allowing us to figure out where various time stamp, packet size, etc.
header fields are, figure out where the link-layer header begins, etc.).
As is usually the case, the vendor's Web site has a bunch of shiny
glossy brochures at
http://www.gnnettest.com/pages/wp.htm
but no obvious "here's what our capture files look like" documents.