Ethereal-users: Re: [Ethereal-users] Hardware to use ethereal for ATM and E1 links

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 31 Jul 2002 01:53:41 -0700
On Tue, Jul 30, 2002 at 08:03:06PM +0100, Mário Santiago Batista wrote:
> Can anybody tell me the hardware needed to decode the packets in
> E1/ATM links?

I think of "decoding" as meaning "interpreting the contents of", i.e.
the "decoding" part of Ethereal is the part that displays the summary
lines in the first pane of the display and the protocol tree in the
second pane of the display.

The only hardware needed to decode that is hardware capable of running a
32-bit or larger version of a UNIX-flavored OS or Windows; there's no
special hardware required for that for any protocol.

However, in order to interpret the contents of a packet, you have to
*get* the contents of the packet.

That can either be done by Ethereal, in some cases, or by other
programs; Ethereal can read not only captures in its "native" format
(which is libpcap format, also used by tcpdump/WinDump and a number of
other programs), but captures in formats from other programs.

The "other programs" include the following programs which can capture
ATM traffic:

	the ATM version of the old DOS-based Sniffer software;

	the iptrace program in AIX;

	Microsoft Network Monitor;

	Sun's atmsnoop.

Ethereal can also capture ATM traffic itself on some platforms.

However, Ethereal, atmsnoop, and, I suspect, iptrace and Network Monitor
can only capture traffic being sent to or from the machine running the
program; they can't plug into an ATM link and passively capture traffic
not being sent to or from the machine running the program.

If that's what you want to do, you will have to:

	1) find some kind of hardware that can passively capture ATM
	   traffic;

	2) find some software that can use that hardware;

	3) either arrange that the software write out the traffic in a
	   format Ethereal can read, or write a program to convert that
	   traffic to a format Ethereal can read, or write code for
	   Ethereal to read that traffic file.

The only hardware I know of that might be able to do that is the
hardware from the DAG project:

	http://dag.cs.waikato.ac.nz/

or from the company that commercialized it:

	http://www.endace.com/

although there might be other hardware that can do it as well.

If you only care about ATM traffic to or from the machine running
Ethereal, then the platforms on which it can capture that traffic are
the platforms where libpcap (the library Ethereal uses for packet
capture) supports it.

Those include:

	Linux (although you might not see *all* the ATM traffic);

	various versions of BSD (although you might not see *all* the
	ATM traffic);

	Solaris with SunATM (which might show you most if not all of the
	traffic) - that requires the current CVS version of libpcap.
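
Added example, not part of the original message or of Ethereal: a sketch of the conversion program mentioned in step 3 above, which rewrites a capture tool's dump as a libpcap file. The input record layout, the function names and the sample frames are hypothetical and constructed for illustration; the libpcap file layout and link type 100 (RFC 1483 LLC/SNAP-encapsulated ATM) are the real ones.

```python
import struct

LINKTYPE_ATM_RFC1483 = 100  # libpcap link type: LLC/SNAP-encapsulated AAL5 payloads
PCAP_MAGIC = 0xA1B2C3D4     # classic libpcap file, microsecond timestamps
# Hypothetical tool record layout (an assumption, not a real product's format):
# big-endian u32 seconds, u32 microseconds, u16 length, then the reassembled payload.
TOOL_HDR = struct.Struct(">IIH")

def parse_tool_dump(blob):
    """Yield (sec, usec, payload); stop cleanly at a truncated trailing record."""
    off = 0
    while off + TOOL_HDR.size <= len(blob):
        sec, usec, length = TOOL_HDR.unpack_from(blob, off)
        off += TOOL_HDR.size
        if off + length > len(blob):
            break  # capture ended mid-record; drop the partial record
        yield sec, usec, blob[off:off + length]
        off += length

def to_pcap(records, linktype=LINKTYPE_ATM_RFC1483, snaplen=65535):
    """Return the bytes of a libpcap file containing the given records."""
    # File header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for sec, usec, payload in records:
        data = payload[:snaplen]
        # Record header: timestamp, captured length, original length on the wire.
        out.append(struct.pack("<IIII", sec, usec, len(data), len(payload)))
        out.append(data)
    return b"".join(out)

def build_sample_dump():
    """Constructed input: two LLC/SNAP frames and one deliberately truncated record."""
    llc_snap = bytes.fromhex("aaaa03" "000000" "0800")   # LLC, SNAP OUI, EtherType IPv4
    frame = llc_snap + bytes.fromhex("45000014") + bytes(16)  # constructed IPv4 header stub
    good = b"".join(TOOL_HDR.pack(1028105621 + i, 0, len(frame)) + frame for i in range(2))
    return good + TOOL_HDR.pack(1028105623, 0, 100) + bytes(10)

if __name__ == "__main__":
    with open("atm_converted.pcap", "wb") as f:
        f.write(to_pcap(parse_tool_dump(build_sample_dump())))
```

The link type in the file header has to match how each payload actually begins; a tool that hands over raw cells or frames without the LLC/SNAP header needs a different link type or a different conversion.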