On Fri, Mar 05, 2004 at 04:54:09PM +0100, Zanetta Michael wrote:
> For those who know the raptor firewall (now Symantec Enterprise
> Firewall), there's a tcpdump-like capture tool in it that let's you
> capture data from the network.
> Unfortunatly, this format is not understood by ethereal, bacause it's
> writing type 99 for the network protocol in state of ethernet.
Well, at least they chose one that nobody else is using - and chose
wisely, as the original ones were small integers, the ones NetBSD added
started at 50, and the ones tcpdump.org are giving out start at 100, so
theirs is unlikely to be chosen by anybody else adding new ones.
> Is it possible to support this type of traffic in ethereal?
Yes, *IF* we get a sample capture file and some sort of description of
the contents of the link-layer header (a description of the format would
be ideal; something such as descriptive text output from software that
can read the file and show the packets in it would be second-best).
> I can provide you the binary and some trace of it if you want.
I assume by "the binary" you mean a capture file, and by "some trace of
it" you mean some description of what's in the file that we can use to
figure out what the link-layer headers look like, that'd be necessary,
as per the previous paragraph.