Wireshark · Ethereal-users: [ethereal-users] ATM on Linux capture (long note)

Ethereal-users: [ethereal-users] ATM on Linux capture (long note)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Carl Klatsky <cklatsky@xxxxxxx>

Date: Mon, 21 Aug 2000 19:51:36 -0400

Guy,

Let me recap what I tried today:
1) Started building on my target machine just to eliminate any
discrepancies
2) On my target machine, I rebuilt libpcap-0.4a6 and tcpdump-3.4a6 from
sources that came with my SuSE 6.3 CDs.  Then I re-built ethereal-0.8.11
with the libpcap.c patch you supplied.  When I ran ethereal this time, I
did not have atm0 in the capture pull down menu.  After a whole lot of
discovery, it seems as if the source libpcap that came with my dist is
different than the libpcap.a that is loaded at install time.  I know
this seems odd, but this is the only thing I could come up with
3) Based on the results of step 2, I built tcpdump-3.4a6 from source but
used the libpcap.a (0.4a6) that gets loaded at install, and then rebuilt
ethereal with the patch you provided.  When I started ethereal, I could
select interface atm0, but when I clicked OK, I got the original
ethereal error that I started with "Network you're trying to capture
from is of a type that Ethereal doesn't support".
4) Since I rebuilt tcpdump from source, I could now run it directly on
target machine without getting the segmentation fault.  I tried what you
had suggested earlier about using tcpdump to create the capture file and
read it in ethereal.  The problem is when I run tcpdump -i atm0, I get:

User level filter, protocol ALL, raw packet socket
tcpdump: unknown data link type 0x12

So even though I could now create a raw capture file with tcpdump -w, it
doesn't capture from atm0, so I don't think there's much point sending
that onto you.  My guess is that the tcpdump I built from source does
not have the ATM patches, but somehow the libpcap.a does.  I checked
into a patch from the ATM on Linux site in the 'extra' directory, but it
looks like I may have to edit that since it seems as if the patch is
written to patch libpcap stuff and tcpdump stuff from a source directory
of orig/...  That may take me a bit.

If there's an easier way to proceed, or I missing something obvious,
please let me know.

Thank you for help and patience on this,
Carl 
-- 
|Carl Klatsky	    |Ph:     732.530.4471     |
|3NO Systems, Inc.  |Fax:    732.530.2110     | 
|http://www.3no.com |E-mail: cklatsky@xxxxxxx |

Follow-Ups:
- [ethereal-users] Re: ATM on Linux capture (long note)
  - From: Guy Harris

References:
- Re: [ethereal-users] Capturing on Linux ATM interfaces
  - From: Guy Harris
- Re: [ethereal-users] Capturing on Linux ATM interfaces
  - From: Carl Klatsky
- Re: [ethereal-users] Capturing on Linux ATM interfaces
  - From: Guy Harris

Prev by Date: [ethereal-users] Problems with different libpcap versions
Next by Date: [ethereal-users] Re: ATM on Linux capture (long note)
Previous by thread: Re: [ethereal-users] Capturing on Linux ATM interfaces
Next by thread: [ethereal-users] Re: ATM on Linux capture (long note)
Index(es):
- Date
- Thread