Ethereal-users: Re: [Ethereal-users] Problems Importing TCPDUMP Output into Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Apr 2003 10:13:09 -0700

On Fri, Apr 11, 2003 at 01:08:19PM -0400, Richard Ginski wrote:
> It's an Intel machine running win2k, a firewall, and tcpdump.  I am
> aware of windump but we actually run tcpdump on it...tcpdump is
> installed as part of the firewall sw install.  Is there a way of finding
> out the versions?

Ask the vendor of the firewall software; whose firewall software is it?

They might've done their own libpcap/tcpdump port, rather than using the
Politecnico di Torino's ports (namely WinPcap/WinDump).  If so, you'll
have to ask *them* what the link-layer type value of 99 signifies and
what the link-layer header format is, so we can make Ethereal (and
tcpdump) handle it (and also ask them why the hell they decided to just
invent their own and not tell anybody about it, rather than asking
tcpdump.org for one and supplying code to add to libpcap/tcpdump to
support it; the fact that they chose 99, which is one less than the
value at which tcpdump.org started assigning new link-layer type values,
makes me suspect they knew about tcpdump.org).
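
Added example (not part of the original message, and not Ethereal or libpcap code): one way to see which link-layer type value a capture file declares is to read the 24-byte pcap file header directly. The function names, the short table of known values and the sample header are constructed for illustration.

```python
import struct

# First 4 bytes of a classic pcap file -> byte order of the writer.
MAGICS = {
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
}

# A few well-known link-layer type values; deliberately not a complete list.
KNOWN = {0: "BSD loopback", 1: "Ethernet", 9: "PPP",
         105: "IEEE 802.11", 113: "Linux cooked capture"}


def read_pcap_header(data: bytes) -> dict:
    """Parse the 24-byte pcap file header and return its fields."""
    if len(data) < 24:
        raise ValueError("truncated: the pcap file header is 24 bytes")
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file, magic=" + data[:4].hex())
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"byte_order": "big" if order == ">" else "little",
            "version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "name": KNOWN.get(linktype)}


def describe(header: dict) -> str:
    """Say what the declared link-layer type is, or that it is unknown here."""
    if header["name"]:
        return "link-layer type %d (%s)" % (header["linktype"], header["name"])
    return ("link-layer type %d is not in this table; the header format "
            "has to come from whoever wrote the file" % header["linktype"])


# Constructed sample: a little-endian header declaring link-layer type 99.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 99)

if __name__ == "__main__":
    print(describe(read_pcap_header(SAMPLE)))
```

To check a real capture, pass the first 24 bytes of the file to `read_pcap_header`.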