Ethereal-users: [Ethereal-users] Doesn't Ethereal reads F.Relay?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Roger <rmurad@xxxxxxxxx>
Date: Tue, 07 Sep 2004 03:06:49 +0000
Hi,
I can't decode packets with NLPID = Frame Relay (03CC, RFC 1490). In short form: 

Traffic captured:          Frame Relay, encapsulating IP and its subprotocols
Capture file generated by: Bay Networks's Optivity Network Tap
Capture file format:       General Network Sniffer format
Device monitored:          Bay 5380 router
Interface where traffic was captured: WAN interface (Frame Relay)
I guess that the level 2 header of all of these packets has a Frame Relay NLPID (RFC 1490, 03CC), and not an Ethernet header.
When I open the file in Ethereal, all captured packets are displayed, but no useful information is shown: the Protocol column is always "LAPB", IP addresses and ports are not shown and the Info column says "Invalid LAPB frame".
Is there a way to correctly open this file in Ethereal? If there isn't, which sniffer or protocol analyzer may I try to open this file on a Windows PC? 

Please, see detailed explanation below. Any help will be much appreciated.
Roger

Problem details ---------------------------------------------
We use SUN workstations running Solaris for SNMP monitoring of 30 Bay Networks 5380 routers. All WAN links are Frame Relay. For management we have: 
- Nortel / Bay Networks Site Manager
- HP Open View Network Node Manager
- Nortel / Bay Optivity Network Management System 8.1
For troubleshooting, we capture the Frame Relay traffic from any of the routers using PCAP, an application within Optivity. Once traffic is captured (from the WAN interface of a router), we use Network Tap (another Optivity application) to tftp the captured file to a local workstation.
Network Tap automatically opens and decodes the data, but, unfortunately, Network Tap does NOT support RADIUS protocol, so I get only raw data for the application level when I select RADIUS packets. And I need to decode Radius, for troubleshooting our customer's authentication issues.
Network Tap lets me to export the captured data to a file in "General Network Sniffer format". My goal was to open it in another protocol analyzer able to decode RADIUS packets. So I tried Ethereal. Ethereal dysplays all packets, but all of them are shown as "Invalid LAPB frame".
I am not sure, but I guess that the problem is the L2 header of my packets. They all have NLPID = Frame Relay and perhaps Etheral expected an Ethernet L2 header.
Is there a way to open this file in Ethereal? How? If there isn't, which sniffer or protocol analyzer I may try to open this file on a Windows PC? 
-----------------------------