On Thu, Jul 18, 2002 at 06:16:26PM +0200, Fuhr Uwe (SH/APS) wrote:
> I have a question regarding getting raw ppp data into Ethereal.
> The data was collected with the tool 'RS232 Com Monitor v3.0'.
> Attached you will find a log file of how the raw data looks like.
>
> I tried to use Text2Pcap to make the raw data readable for Ethereal,
> but I didn't succeed.
Well, one problem is that it looks as if it really is *raw* data from
the serial line - i.e., it includes the framing octets for RFC 1662
HDLC-like framing (that's what the 7E's are).
Ethereal (and tcpdump, and so on) don't expect that framing data to be
there; they expect the packet to be in the form of the actual PPP data,
broken into frames, with the framing octets not present.
You'd have to write your own program to un-frame the data (which
includes dealing with the hex 7D escape octet) and put it into a libpcap
PPP capture file.
See RFC 1662 for details on how the framing is done for PPP over
asynchronous serial lines ("octet-stuffed").