Re: Capturing ATM/IMA traffic on Wireshark

[Guy Harris <guy () alum mit edu>]

On Jun 2, 2010, at 6:25 PM, Rayne wrote:

> Is it possible to capture ATM/IMA traffic on Wireshark? Say I have an IMA emulator that generates IMA traffic across 
> 4 E1 links, it is possible to connect the emulator to a switch, then to a server and use Wireshark to capture the 
> traffic?

Are you talking about traffic that's actually running over E1 links?

If so, you will need hardware capable of capturing traffic over those links, an operating system that supports that 
hardware, and a version of libpcap/WinPcap that supports that hardware.

Endace has a DAG card that can capture on E1 links:

        http://www.endace.com/dag-3.7t-packet-capture-card.html

which is, I think, supported on Linux, FreeBSD, and Windows.  The standard versions of libpcap that come with various 
Linux distributions and FreeBSD don't support it by default, but most if not all of them can be built with DAG support 
and linked with Endace's DAG library; I think WinPcap has support for them built in.  If they're built as shared 
libraries, replacing the DAGless standard libraries, Wireshark wouldn't need to be rebuilt.

> And please correct me if I'm wrong, but since the traffic comes from an emulator, can I assume that the traffic is 
> already in the ATM (i.e. 53-byte cells) format, instead of being "encapsulated" in, say, the SDH frame structure?

If they're running over E1 links, would they be using the SDH frame structure?  I thought SDH was for optical links.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe