Ethereal-users: Re: [Ethereal-users] Ethereal on W2K POS/ATM Captures (alternatively on Linux)
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Date: Mon, 04 Nov 2002 05:30:13 -0500
Guy,

thanks a lot for the feedback. For this test I am only using Ethereal to load capture files from a third party analyser. When I start Ethereal it always comes up showing the columns No.; Time; Source Addr.; Dest Addr.; etc. I have found the option to delete and add columns but that didn't change the way that Ethereal decoded my packets. Where would I configure Ethereal, for example, to look for a PPP-header etc. instead of the MAC SA/DA at the beginning of the packet as it does by default?

Attached are one POS capture in ASCII (tcp_cap.txt) and libpcap (tcp_cap.eth) format. The IP source address is 1.1.1.1 and the IP destination address is 2.2.2.2.

I do not have a POS or ATM interface in my PC, so could that be the problem?

Thanks a lot
Regards
Martin

Guy Harris <gharris@xxxxxxxxx> wrote:

>On Wed, Oct 30, 2002 at 04:29:33AM -0500, mrmartin1903@xxxxxxxxxxxx wrote:
>> using Ethereal to load libpcap captures I did not find a way to tell my
>> Ethereal Installation on W2k to properly show POS or ATM capture files,
>> since Ethereal always starts with MAC source/destination address.
>
>What do you mean "Ethereal always starts with MAC source/destination
>address"?
>
>Ethereal does *not* assume that packets always start with MAC source and
>destination addresses - it doesn't even assume that on LANs, given that
>on FDDI, Token Ring, and 802.11, there's some frame control stuff in the
>packet before the destination and source addresses.
>
>If your POS is just running PPP over SONET, then a libpcap POS capture
>would have either DLT_PPP or perhaps DLT_PPP_BSDOS as the link-layer
>type; Ethereal does *not* assume that PPP packets begin with a MAC
>source or destination address.
>
>There are a variety of *different* libpcap ATM capture file formats,
>which Ethereal can read and can capture.  WinPcap can, in theory,
>capture ATM packets, and currently uses the DLT_ATM_RFC1483 format (in
>which the packet starts with an 802.2 LLC header) for them.  However,
>ATM captures have never been tested with WinPcap - the WinPcap FAQ at
>
>    http://winpcap.polito.it/misc/faq.htm
>
>says:
>
>    Q-17: Which network adapters are supported?
>
>    A: The NPF device driver was developed to work primarily with
>    Ethernet adapters.  Support for other MACs was added during the
>    development, but Ethernet remains the preferred one.  The main
>    reason is that all our development stations have Ethernet
>    adapters so all our tests were made on this type of network.
>    However, the current situation is:
>
>       o Windows 95/98/ME: the packet driver works correctly on
>         Ethernet networks.  It works also on PPP WAN links, but
>         with some limitations (for example it is not able to
>         capture the LCP and NCP packets).  FDDI, ARCNET, ATM and
>         Token Ring should be supported, however we did not test
>         them because we do not have the hardware, so do not expect
>         them to work perfectly.
>       o Windows NT4/2000: the packet driver works correctly
>         on Ethernet networks.  We were not able to make it working
>         on PPP WAN links, because of binding problems on the
>         NDISWAN adapter.  As in Win9x, FDDI, ARCNET, ATM and Token
>         Ring should be supported, but are not granted to work
>         perfectly.
>
>        ...
>
>I suspect FDDI and Token Ring will Just Work, as they're relatively
>straightforward and have a standard frame format.
>
>ATM, however, is another matter; the ATM code could just supply, for
>example, raw AAL5 PDUs, or could supply a "pseudo-header" giving
>information such as the VPI and VCI for the PDUs.  Network Monitor
>appears to have as the link-layer header for ATM captures, a 6-byte
>"Destination address", a 6-byte "Source address", a 2-byte VPI, and a
>2-byte VCI, and no information as to the type of traffic
>(LLC-multiplexed, VC-multiplexed traffic of a particular type, LANE,
>etc.).
>
>> On the web I have seen that at least Linux would in theory support
>> Ethernet, ATM and PPP.  Has anybody tried this with POS or ATM captures
>> on W2K or any other OS?
>
>It works fine on Solaris with ATM.  I haven't tried ATM on other
>platforms.
>
>As for POS, if it just runs PPP over SONET, it should work on any OS
>where you can capture PPP traffic.
Attachment: tcp_cap.zip
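Added example, not part of the original message and not Ethereal's own code: the quoted reply ties decoding to the link-layer type (DLT_PPP, DLT_ATM_RFC1483, ...) that a libpcap file declares, so this sketch reads that field from the file header and compares it with what the first packet's bytes look like. The names `inspect_pcap` and `guess_framing` and the sample bytes are constructed for illustration; they are not taken from tcp_cap.eth.

```python
import struct

# File magic as read big-endian -> (struct byte order, timestamp resolution)
MAGICS = {
    0xA1B2C3D4: (">", "usec"), 0xD4C3B2A1: ("<", "usec"),
    0xA1B23C4D: (">", "nsec"), 0x4D3CB2A1: ("<", "nsec"),
}
# Link-layer types named in the thread, plus Ethernet (values from libpcap)
DLT = {1: "DLT_EN10MB", 6: "DLT_IEEE802", 9: "DLT_PPP",
       10: "DLT_FDDI", 11: "DLT_ATM_RFC1483"}

def inspect_pcap(data):
    """Return (declared link type, guess from the first packet's bytes)."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte libpcap file header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a libpcap file, magic=0x%08x" % magic)
    order = MAGICS[magic][0]
    # version major/minor, thiszone, sigfigs, snaplen, link-layer type
    _maj, _min, _tz, _sig, _snap, network = struct.unpack(
        order + "HHiIII", data[4:24])
    declared = DLT.get(network, "unknown (%d)" % network)
    guess = "no packets"
    if len(data) >= 40:
        # per-packet record header: ts_sec, ts_frac, captured len, wire len
        _s, _f, caplen, _wire = struct.unpack(order + "IIII", data[24:40])
        guess = guess_framing(data[40:40 + caplen])
    return declared, guess

def guess_framing(pkt):
    """Heuristic only: recognise two common starts of a packet."""
    if pkt[:2] == b"\xff\x03":          # PPP address/control bytes
        return "PPP in HDLC-like framing"
    if pkt[:1] and pkt[0] >> 4 == 4 and pkt[0] & 0x0F >= 5:
        return "raw IPv4"
    return "undetermined"

# Constructed sample: the file header declares Ethernet, but the single
# packet starts with a PPP header (ff 03 00 21) followed by an IPv4
# header from 1.1.1.1 to 2.2.2.2.
_ip = bytes.fromhex("4500001400000000400600000101010102020202")
_pkt = b"\xff\x03\x00\x21" + _ip
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 0, 0, len(_pkt), len(_pkt)) + _pkt)

if __name__ == "__main__":
    print(inspect_pcap(SAMPLE))
```

A mismatch between the two returned values means the declared link-layer type does not match the packet bytes, so the packets will be dissected from the wrong starting header.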