Ethereal-users: Re: [Ethereal-users] Two packet intercept question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Hardware Stuff <mrfixit@xxxxxxxxxxxxxxx>
Date: Wed, 10 Jan 2001 14:23:35 -0800 (PST)
   From: Guy Harris <guy@xxxxxxxxxx>
   Date: Wed, 10 Jan 2001 14:07:42 -0800 (PST)

   > I've been successfully using a combination of perl and tethereal to
   > decode a data packet.  I recently discovered that 1/12 of the data is
   > missing and appears in a subsequent packet.  I'd post the packets from a

   You can, for now, "print" the contents of a packet to a file, and put
   that into a mail message.

Doah!  An easy answer...  I could have just used tethereal too!


   > So I need a different answer.  The nature of this problem (picking
   > data out of multiple packets) has surely been seen before and solved
   > within ethereal.

   No, it hasn't, in fact; no dissectors currently assemble higher-level
   packets from multiple frames.  That's *another* item on the wish list,
   and it involves


Oh-oh.  So the lower-level libraries do not do this either....

I actually do not need the packets re-assembled (easy perl problem),
it would be sufficient if the capture filter could be set as a
trigger, and then the trigger packet and N subsequent packets were
dumped (in the sense of a hardware logic analyzer).  This sounds
similar to the 'alarm' feature mentioned on the wish list.

Thanks

r
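
The trigger-style dump asked for in the message above (the trigger packet plus N subsequent packets), as an added example that is not part of the original post and is not Ethereal or tethereal code. It post-processes a classic microsecond-format libpcap file; the names `read_pcap`, `trigger_dump` and `build_sample`, the `TRIG` marker and the sample frames are all constructed for illustration.

```python
import struct

REC_HDR_LEN = 16  # ts_sec, ts_usec, incl_len, orig_len
GLOBAL_HDR_LEN = 24

def read_pcap(data):
    """Split a classic libpcap file into its global header and raw records."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    records, off = [], GLOBAL_HDR_LEN
    while off + REC_HDR_LEN <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, off + 8)[0]
        end = off + REC_HDR_LEN + incl_len
        if end > len(data):
            break  # truncated last record: drop it rather than emit a partial frame
        records.append(data[off:end])
        off = end
    return data[:GLOBAL_HDR_LEN], records

def trigger_dump(data, is_trigger, n):
    """Keep every frame matching is_trigger plus the n frames after it."""
    header, records = read_pcap(data)
    kept, remaining = [], 0
    for rec in records:
        if is_trigger(rec[REC_HDR_LEN:]):
            remaining = n + 1  # (re)arm: the trigger frame itself plus n followers
        if remaining:
            kept.append(rec)
            remaining -= 1
    return header + b"".join(kept), len(kept)

def build_sample():
    """Constructed capture: six dummy frames, the third one carries the marker."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payloads = [b"idle-0", b"idle-1", b"TRIG-part1", b"part2", b"idle-4", b"idle-5"]
    return hdr + b"".join(
        struct.pack("<IIII", i, 0, len(p), len(p)) + p for i, p in enumerate(payloads))

if __name__ == "__main__":
    out, count = trigger_dump(build_sample(), lambda frame: b"TRIG" in frame, 1)
    print(count, [r[REC_HDR_LEN:] for r in read_pcap(out)[1]])
```

The output is itself a valid pcap file, so the selected frames can be opened in the capture tool again or handed to the existing perl decoding step.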