Wireshark · Ethereal-users: Re: [Ethereal-users] Problems Importing TCPDUMP Output intoEthereal

Ethereal-users: Re: [Ethereal-users] Problems Importing TCPDUMP Output intoEthereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Mon, 22 Mar 2004 11:50:30 -0800

On Mon, Mar 22, 2004 at 10:02:03AM +0100, Zanetta Michael wrote:
> here is a link to the tpdump.pdf document. It is so old, about 1999
> and I would be very surprised if the format had changed since...

...and it's just a tcpdump man page, which doesn't describe the format
of the presumably-synthetic link-layer headers in the file.

The current CVS versions of tcpdump from tcpdump.org and of Ethereal
make an attempt to read packets in that format - there appears to be an
Ethernet type field in the link-layer header, as well as 6 bytes of
mysterious junk before the type field and 36 bytes of 0 after the type
field.  Without a description of the contents of the remaining 42 bytes
there's not much we can do to dissect it (assuming it even contains
useful information).

References:
- Re: [Ethereal-users] Problems Importing TCPDUMP Output intoEthereal
  - From: Zanetta Michael

Prev by Date: Re: [Ethereal-users] serial data from microgate synclink adapter
Next by Date: Re: [Ethereal-users] Network type 99
Previous by thread: Re: [Ethereal-users] Problems Importing TCPDUMP Output intoEthereal
Next by thread: [Ethereal-users] Summary of Port Activity
Index(es):
- Date
- Thread