On Tue, 16 Apr 2002 13:13:04 -0700
Guy Harris <guy@xxxxxxxxxx> wrote:
> On Mon, Apr 15, 2002 at 04:31:44PM -0700, Benjamin Lee
> wrote:
> > I have some raw serial data that I captured and want to
> have
> > decoded by ethereal. Basically its somthing I snarfed
> off a
> > serial port, an inbound and outbound stream characters
> > captured from an RS-232 port. It's just some
> > Hayes-compatible AT modem chatter followed by then PPP
> > LCP/IPCP traffic and then some WSP/WTP on top. Is
> ethereal
> > able to decode the PPP and application level protocols
> in
> > this stream?
>
> No. It can't read arbitrary file formats.
>
> > Is there an easy way to massage the captured data into
> > something ethereal can read? I tried to write
> something
> > using libpcap to reformat the data, but found that I
> had to
> > in effect write a mini-analyzer which kinda defeats the
> > purpose.
>
> Eh? What do you mean by "mini-analyzer"?
>
> A program could read that file, throwing away the AT
> modem stuff, and
> then parsing the data stream to carve PPP packets out of
> it. All it'd
> need to do would be to analyze enough of the packets to
> find the length;
> it wouldn't have to analyze anything else.
>
> Were Ethereal capable of reading that file, it'd have to
> do the same
> thing - and would do it in code completely separate from
> the
> packet-analysis code in the top-level directory.
Guy,
Thank you for clearing this up. I guess "mini-analyzer"
overstates the complexity, it's just more PPP than I hoped
to have to deal with (I guess I'm just lazy). So the
problem for import is to chop the stream into separate PPP
frames and then I should get what I want (which is being
able see WSP/WTP traffic up the stack), or will I only see
PPP frames?
/B