Cell Relay Archive

Re: Sniffing fore-ip with tcpdump?
Not sure if this will help you, but the Solaris 2.x snoop command works pretty well with Fore IP and LANE on the SBA200 NIC cards. Can't remember if I tried Classical IP with snoop. Not as much fun as hacking tcpdump, but it may provide the info you're looking for.

Brian

Steffen Jahn wrote:
>
> Hi,
>
> I tried to use tcpdump (3.2.1) for sniffing fore-ip. I have two problems:
>
> 1. libpcap notifies an ethernet, not atm (rfc1483).
> 2. fore-ip does not conform to rfc1483?
>
> The first problem is simple to fix. I hook the tcpdump.c code, so it will
> always call atm_if_print(). ;-)
>
> The second problem is not so simple to handle. It seems there are three
> kinds of packets:
>
> 1. Packets almost conforming to the rfc1483. The only difference: they use a 14
>    byte mac header in front of the llc. We could simply patch the
>    atm_if_print(): we check the offset 14 to 16 for the sequence 0xaa, 0xaa,
>    0x03. In this case we adjust the starting offset (+14) and the length
>    (-14) and continue normally.
>
>    Note: This kind of packet appears when an atm nic sends data.
>
> 2. Real ethernet packets, starting with a 14 byte mac header. This kind
>    of packet appears when a *normal* ip host sends data in the atm net. E.g.
>    we could detect such packets with the destination mac address.
>
> 3. Strange packets, I don't know what it is...
>
> Has anybody more information or can correct my (stupid) interpretations?
>
> Thx in advance,
> Steffen.

--
-----------------------------------------------------------------------------
Brian Wolfe                     Voice: 630-916-7570
Open Business Systems Inc.      FAX:   630-916-7630
2121 Army Trail Rd Suite 106    bwolfe@obs.net
Addison, IL 60101               http://www.obs.net
Sun Microsystems Expert Level 2000
-----------------------------------------------------------------------------
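The three-way packet classification described in the quoted message, as an added example (not code from this thread or from tcpdump). The names `classify_frame` and `frame_view` are hypothetical, the sample frames are constructed, and the EtherType test for kind 2 is an assumption standing in for the destination-MAC check the post suggests; the example also covers a plain RFC 1483 frame and a short capture.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_HDR_LEN 14  /* size of the MAC header described in the post */

enum frame_kind { FRAME_TRUNCATED, FRAME_RFC1483_LLC, FRAME_MAC_PLUS_LLC,
                  FRAME_ETHERNET, FRAME_UNKNOWN };
struct frame_view { enum frame_kind kind; size_t offset, length; };

/* Constructed sample captures (not real Fore IP traffic). */
static const uint8_t sample_mac_llc[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0,0,
    0xaa,0xaa,0x03, 0,0,0, 0x08,0x00, 0x45,0x00 };
static const uint8_t sample_ether[] = { 2,0,0,0,0,1, 2,0,0,0,0,3, 0x08,0x00,
    0x45,0x00,0x00,0x1c };
static const uint8_t sample_plain[] = { 0xaa,0xaa,0x03, 0,0,0, 0x08,0x00,
    0x45,0x00 };
static const uint8_t sample_odd[] = { 1,2,3,4,5,6,7,8,9,10,11,12, 0x00,0x10,
    0xff,0xff,0xff };

/* True if the start of an LLC/SNAP header (AA AA 03) fits in len bytes at p. */
static int is_llc_snap(const uint8_t *p, size_t len) {
    return len >= 3 && p[0] == 0xaa && p[1] == 0xaa && p[2] == 0x03;
}

struct frame_view classify_frame(const uint8_t *p, size_t caplen) {
    struct frame_view v = { FRAME_UNKNOWN, 0, caplen };
    if (is_llc_snap(p, caplen)) {               /* plain RFC 1483 LLC/SNAP */
        v.kind = FRAME_RFC1483_LLC;
    } else if (caplen < MAC_HDR_LEN) {          /* too short to inspect further */
        v.kind = FRAME_TRUNCATED;
    } else if (is_llc_snap(p + MAC_HDR_LEN, caplen - MAC_HDR_LEN)) {
        v.kind = FRAME_MAC_PLUS_LLC;            /* kind 1: skip the MAC header */
        v.offset = MAC_HDR_LEN;                 /* starting offset +14 */
        v.length = caplen - MAC_HDR_LEN;        /* length -14 */
    } else if (((p[12] << 8) | p[13]) >= 0x0600) {
        v.kind = FRAME_ETHERNET;                /* kind 2 (assumed EtherType test) */
    }
    return v;                                   /* otherwise kind 3: unknown */
}

int main(void) {
    struct frame_view v = classify_frame(sample_mac_llc, sizeof sample_mac_llc);
    printf("kind=%d offset=%zu length=%zu\n", (int)v.kind, v.offset, v.length);
    return 0;
}
```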