tcpdump mailing list archives
Re: Linux tcpdump and Sun Solaris Snoop
From: Guy Harris <gharris () sonic net>
Date: Fri, 22 Nov 2002 22:24:30 -0800
On Thu, Nov 21, 2002 at 06:32:30PM -0700, Robert Styma wrote:
> I discovered your email in the manual page for tcpdump. Linux tcpdump and Sun Solaris snoop seem to have a common ancestor.

It may seem that way, but if there is such an ancestor, it's Sun's etherfind, and neither tcpdump nor snoop much resemble that - I don't think it even *had* a save file format, as it had no option to save captured packets in raw binary form (raw hex, yes; raw binary, no): http://www.cs.rit.edu/~hpb/Man/_Man_SunOS_4.1.3_html/html8/etherfind.8c.html

> I have been unable to discover any way to read a dump captured with Sun Solaris snoop (snoop -r -o file) using
> tcpdump -n -v -r file
> Is there a way to accomplish this?

1) get Ethereal, and use its editcap program to convert the snoop file to a tcpdump file.

2) modify libpcap to read snoop files as well as tcpdump files (which can't be done the same way it's done with Ethereal - Ethereal, when checking for types of capture files, seeks backwards to the beginning of the file and starts re-reading it for each new file type, but libpcap has to be able to read from a pipe and can't seek backward).

I think I still have some code to do 2), but I don't seem to have it here at home, so I can't supply it now (and probably won't be able to do so until Monday at the earliest). If people think it's a reasonable thing to add to libpcap, I could check it in once the CVS server is available again.

I'd suggest looking into 1) - Ethereal should run on any modern Linux distribution, and also runs on Solaris (just as tcpdump does - tcpdump isn't a Linux-specific program; it was originally developed for, I think, BSD and SunOS). See http://www.ethereal.com/ or check whether it's installed on your ISP's Linux boxes already or came with their Linux distribution - if not, you could download and build it on your Solaris boxes, although you'd have to download and install GLib as well (and GTK+, if you want Ethereal itself).
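
Option 2) in the message above depends on recognising and converting a snoop file with forward reads only, since a pipe cannot be rewound. The following is an added example, not part of the original message and not libpcap or Ethereal code; it assumes the snoop version 2 layout from RFC 1761 and Ethernet captures only, and `read_exact`, `snoop_to_pcap`, `MAX_RECORD` and `SAMPLE` are names made up here.

```python
import io
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # 8-byte snoop file identifier (RFC 1761)
SNOOP_ETHERNET = 4                   # snoop datalink type for Ethernet
PCAP_ETHERNET = 1                    # pcap link type DLT_EN10MB
MAX_RECORD = 256 * 1024              # assumed sanity cap on one record

def read_exact(stream, n):
    # Read up to n bytes from a possibly non-seekable stream (a pipe).
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def snoop_to_pcap(src, dst):
    """Convert a snoop stream to pcap without ever seeking backward."""
    header = read_exact(src, 16)
    if len(header) < 16 or header[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture")
    version, datalink = struct.unpack(">II", header[8:])
    if version != 2 or datalink != SNOOP_ETHERNET:
        raise ValueError("unsupported snoop version or datalink type")
    # pcap file header: magic, version 2.4, zone, sigfigs, snaplen, linktype
    dst.write(struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, PCAP_ETHERNET))
    count = 0
    while True:
        rec = read_exact(src, 24)
        if not rec:
            return count
        if len(rec) < 24:
            raise ValueError("truncated record header")
        orig_len, incl_len, rec_len, _drops, sec, usec = struct.unpack(">6I", rec)
        # Lengths come from the file itself: reject inconsistent ones.
        if not 24 <= rec_len <= MAX_RECORD or incl_len > rec_len - 24:
            raise ValueError("inconsistent record lengths")
        body = read_exact(src, rec_len - 24)     # packet data plus padding
        if len(body) < rec_len - 24:
            raise ValueError("truncated record")
        dst.write(struct.pack(">IIII", sec, usec, incl_len, orig_len))
        dst.write(body[:incl_len])
        count += 1

# Constructed sample: one 14-byte frame padded to a 40-byte snoop record.
SAMPLE = (SNOOP_MAGIC + struct.pack(">II", 2, 4)
          + struct.pack(">6I", 14, 14, 40, 0, 1000000000, 0)
          + bytes(range(14)) + b"\x00\x00")
```

Because the function takes any object with `read`, it works the same on `sys.stdin.buffer` fed from a pipe as on an open file.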