The answer to the question in the subject line is "it reads *some* Frame
Relay captures".
Roger wrote:
Capture file generated by: Bay Networks's Optivity Network Tap
Capture file format: General Network Sniffer format
Device monitored: Bay 5380 router
Interface where traffic was captured: WAN interface (Frame Relay)
I guess that the level 2 header of all of these packets has a Frame
Relay NLPID (RFC 1490, 03CC), and not an Ethernet header.
When I open the file in Ethereal, all captured packets are displayed,
but no useful information is shown: the Protocol column is always
"LAPB", IP addresses and ports are not shown and the Info column says
"Invalid LAPB frame".
The Sniffer file formats aren't fully documented (the old DOS Sniffer
format was partially documented, but I don't think the WAN capture
format was fully documented, and the newer Windows format isn't
documented at all).
As such, we've had to guess how to determine the link-layer type of WAN
Sniffer captures, and we've not yet found a 100% reliable way to
determine it (assuming that there *is* a 100% reliable way to determine
it!).
We'd have to see the capture file in order to figure out why Ethereal
isn't recognizing it as a Frame Relay capture. It definitely knows that
it's a WAN capture (the code knows how to recognize that) - it doesn't
think it's an Ethernet capture, so it's not looking for an Ethernet
header (it thinks it's an X.25 capture, as indicated by the "LAPB") -
but it doesn't know what *type* of WAN capture it is.
Is there a way to correctly open this file in Ethereal? If there isn't,
which sniffer or protocol analyzer may I try to open this file on a
Windows PC?
Well, if it's in Sniffer format, presumably Sniffer will read it....