On Fri, Feb 07, 2003 at 04:34:22PM -0500, Gabriela Montero wrote (in
HTML, which is not easy for everybody on the list to read - please send
plain text mail if possible):
> I need to capture HDLC packets.
> How can I capture CHDLC packets using Ethereal? I noticed that you had
> address and protocol. But I was wondering how to set the setup, since
> HDLC is serial synch protocol.
It depends on the operating system you're using.
On some versions of BSD, a network interface consisting of a serial
interconnect using Cisco HDLC-encapsulated frames supports capturing and
will report itself to BPF as having a link-layer type of Cisco HDLC.
Either the version of libpcap that comes with the OS, or the current
version from tcpdump.org, might support capturing on those interfaces;
if so, then if Ethereal is linked with a version of libpcap that can
handle those interfaces, it should just work, allowing you to capture
traffic going into or out of the machine on which you're running
Ethereal.
On Linux, the same thing would, in theory, work; however, there appear
to be bugs in at least some Linux drivers that break things (from the
behavior people have reported, the drivers were apparently written by
people with no clue as to how to set the data pointers in an skbuff -
and they were apparently also written by people who didn't know when
ARPHRD_RAWHDLC is appropriate and when ARPHRD_CISCO is appropriate).
On Windows, unfortunately, capturing on serial interfaces doesn't work
all that well.
In any case, all of this works only on network interfaces *on the
machine on which you're running Ethereal*; there is no support for
"third-party" captures on serial lines, of the sort that can be done
with, for example, a serial pod and a Sniffer.