Wireshark · Ethereal-users: Re: [Ethereal-users] How to analyze raw PPP HDLC logs

Ethereal-users: Re: [Ethereal-users] How to analyze raw PPP HDLC logs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>

Date: Thu, 17 Jun 2004 10:36:39 -0700 (PDT)

Stephane GOUD said:
> I have a "raw" PPP in HDLC like framing pcap file and
> I want it to be analyzed by Ethereal.
>
> I create a pcap file using DLT_PPP or DLT_PPP_SERIAL
> link type but without success.

The OSes that let you capture PPP traffic going to or from the host supply
the packets to the packet capture mechanism *after* the framing and
byte-stuffing have been stripped out; therfore, neither DLT_PPP nor
DLT_PPP_SERIAL are supposed to, or expected to, contain raw byte sequences
from the serial line, they're supposed to contain separate packets with
the framing and byte-stuffing removed.

If you want to create a libpcap file, remove the 0x7e's and 0x7d's from
the stream.

If you want to create a file with a raw byte stream, see the pppdump file
format; it's handled by wiretap/pppdump.c.

References:
- [Ethereal-users] How to analyze raw PPP HDLC logs
  - From: Stephane GOUD

Prev by Date: [Ethereal-users] Using Ethereal with SMC2536W-AG wireless card
Next by Date: [Ethereal-users] Ethereal - ANSI SCCP problems
Previous by thread: [Ethereal-users] How to analyze raw PPP HDLC logs
Next by thread: Re: [Ethereal-users] Are unchanging sequence numbers normal in TCPAcks?
Index(es):
- Date
- Thread