Satya Swaroop wrote:
1) While configuring ethereal tool for network data analysis (dumping
into raw files and then turn into the specific format) didn't find any
column for getting the TCP protocol state.
I need to know the tcp states for generating iptables.
Is it possible to get the tcp/ip states?

If by "state" you're referring to the states described in RFC 793,
there's nothing in Ethereal that keeps track of the protocol state at
any given point of time. You'd have to do that yourself when reading
the capture.

2) How to avoid converting the protocol number into well known names. For
example I need the protocol number in the output for tcp as 6.

To which output are you referring?

In the detailed dissection of a packet, both the name and the number are
given (with the number in hex - is there any good reason to display it
in hex, given that the protocol numbers in
http://www.iana.org/assignments/protocol-numbers
are in decimal, and, for that matter, is there any good reason not to
give that field the value_string table from epan/ipproto.c, so you can
use those names in display filters?).

In the summary output, the name and number are given in the Info column
(with the name in hex, again), although if it's TCP, the summary output
won't give any IP information in the Info column, as the Info column
reflects the highest-level protocol dissected.

In PSML, the highest-level protocol will be shown, as in the summary output.

In PDML, the "ip.proto" field will have the numerical value (again, in hex).
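
The reply above says the RFC 793 state has to be tracked by whoever reads the capture. The following Python is an added example, not part of the original thread and not Ethereal code: it labels each decoded TCP segment with the connection state an observer would infer, and emits the protocol number in decimal. The packet tuple layout, the function names, the sample addresses and the reduced state set (no TIME_WAIT, no sequence-number validation) are assumptions of this example.

```python
IPPROTO_TCP = 6  # protocol number in decimal, as in the IANA registry

def flow_key(src, sport, dst, dport):
    """Direction-independent key: both directions of a connection share one entry."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def next_state(conn, sender, flags):
    """Advance one connection by one segment and return the new state name."""
    state = conn["state"]
    if "RST" in flags:
        return "CLOSED"
    if state == "CLOSED":
        if flags == {"SYN"}:
            conn["client"], conn["fins"] = sender, set()
            return "SYN_SENT"
        return "INVALID"  # segment seen without a preceding handshake
    if state == "SYN_SENT":
        ok = flags == {"SYN", "ACK"} and sender != conn["client"]
        return "SYN_RECEIVED" if ok else state
    if state == "SYN_RECEIVED":
        ok = "ACK" in flags and "SYN" not in flags and sender == conn["client"]
        return "ESTABLISHED" if ok else state
    if "FIN" in flags:  # ESTABLISHED, or one side is already closing
        conn["fins"].add(sender)
        return "LAST_ACK" if len(conn["fins"]) == 2 else "FIN_WAIT"
    if state == "LAST_ACK" and "ACK" in flags:
        return "CLOSED"
    return state

def track(packets):
    """Return (proto, src, sport, dst, dport, flags, state) for every packet."""
    conns, rows = {}, []
    for src, sport, dst, dport, flags in packets:
        conn = conns.setdefault(flow_key(src, sport, dst, dport), {"state": "CLOSED"})
        new = next_state(conn, (src, sport), set(flags.split("|")))
        conn["state"] = "CLOSED" if new == "INVALID" else new
        rows.append((IPPROTO_TCP, src, sport, dst, dport, flags, new))
    return rows

# Constructed sample capture: handshake, data, orderly close, then a stray ACK.
C, S = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    (C, 40000, S, 80, "SYN"),     (S, 80, C, 40000, "SYN|ACK"),
    (C, 40000, S, 80, "ACK"),     (C, 40000, S, 80, "PSH|ACK"),
    (C, 40000, S, 80, "FIN|ACK"), (S, 80, C, 40000, "FIN|ACK"),
    (C, 40000, S, 80, "ACK"),     (C, 40001, S, 80, "ACK"),
]

if __name__ == "__main__":
    print(*track(SAMPLE), sep="\n")
```

Segments labelled INVALID are the ones a stateful iptables rule set would not match as part of a known connection, which is the distinction the original question needs for rule generation.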