tcpdump mailing list archives
Re: Linux tcpdump and Sun Solaris Snoop
From: Guy Harris <gharris () sonic net>
Date: Fri, 22 Nov 2002 22:24:30 -0800
On Thu, Nov 21, 2002 at 06:32:30PM -0700, Robert Styma wrote:
> I discovered your email in the manual page for tcpdump. Linux tcpdump and Sun Solaris snoop seem to have a common ancestor.
It may seem that way, but if there is such an ancestor, it's Sun's
etherfind, and neither tcpdump nor snoop much resemble that - I don't
think it even *had* a save file format, as it had no option to save
captured packets in raw binary form (raw hex, yes; raw binary, no):
http://www.cs.rit.edu/~hpb/Man/_Man_SunOS_4.1.3_html/html8/etherfind.8c.html
> I have been unable to discover any way to read a dump captured with Sun Solaris snoop (snoop -r -o file) using tcpdump -n -v -r file. Is there a way to accomplish this?
1) get Ethereal, and use its editcap program to convert the snoop file
to a tcpdump file.
2) modify libpcap to read snoop files as well as tcpdump files (which
can't be done the same way it's done with Ethereal - Ethereal, when
checking for types of capture files seeks backwards to the beginning
of the file and starts re-reading it for each new file type, but
libpcap has to be able to read from a pipe and can't seek backward).
I think I still have some code to do 2), but I don't seem to have it
here at home, so I can't supply it now (and probably won't be able to do
so until Monday at the earliest). If people think it's a reasonable
thing to add to libpcap, I could check it in once the CVS server is
available again.
I'd suggest looking into 1) - Ethereal should run on any modern Linux
distribution, and also runs on Solaris (just as tcpdump does - tcpdump
isn't a Linux-specific program; it was originally developed for, I
think, BSD and SunOS). See
http://www.ethereal.com/
or check whether it's installed on your ISP's Linux boxes already or
came with their Linux distribution - if not, you could download and
build it on your Solaris boxes, although you'd have to download and
install GLib as well (and GTK+, if you want Ethereal itself).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
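The forward-only constraint described in option 2 of the message above, shown as an added example (not code from libpcap, Ethereal, or the original post): the file type is decided from bytes that are read once and kept, so the same converter works on a pipe. It assumes the snoop version 2 layout from RFC 1761 with an Ethernet datalink; the function names, `MAX_CAPLEN` and the sample capture are constructed for this example.

```python
import io
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"            # RFC 1761 identification pattern
PCAP_MAGICS = (b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1")
SNOOP_TO_DLT = {4: 1}                         # snoop Ethernet (4) -> DLT_EN10MB (1)
MAX_CAPLEN = 262144                           # sanity bound chosen for this example

def read_exact(stream, n, eof_ok=False):
    """Read exactly n bytes with forward reads only; None on clean EOF if allowed."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if eof_ok and not buf:
                return None
            raise ValueError("truncated capture")
        buf += chunk
    return buf

def snoop_to_pcap(src, dst):
    """Convert a snoop stream to pcap without seeking; returns the packet count."""
    head = read_exact(src, 4)
    if head in PCAP_MAGICS:
        raise ValueError("input is already a tcpdump/pcap file")
    head += read_exact(src, 12)               # extend the bytes already consumed
    if head[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop file")
    version, datalink = struct.unpack(">II", head[8:])
    if version != 2 or datalink not in SNOOP_TO_DLT:
        raise ValueError("unsupported snoop version or datalink type")
    dst.write(struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                          MAX_CAPLEN, SNOOP_TO_DLT[datalink]))
    count = 0
    while (rec := read_exact(src, 24, eof_ok=True)) is not None:
        orig_len, incl_len, rec_len, _drops, sec, usec = struct.unpack(">6I", rec)
        if not incl_len <= rec_len - 24 <= MAX_CAPLEN:  # untrusted lengths: bound first
            raise ValueError("corrupt record header")
        body = read_exact(src, rec_len - 24)  # packet data plus pad bytes
        dst.write(struct.pack(">IIII", sec, usec, incl_len, orig_len) + body[:incl_len])
        count += 1
    return count

def demo():
    """Run the converter over a constructed one-packet snoop capture."""
    frame = bytes(range(14)) + b"\x00" * 47   # constructed 61-byte Ethernet frame
    sample = SNOOP_MAGIC + struct.pack(">II", 2, 4)
    sample += struct.pack(">6I", 61, 61, 24 + 64, 0, 1037946270, 0) + frame + b"\x00" * 3
    out = io.BytesIO()
    return snoop_to_pcap(io.BytesIO(sample), out), out.getvalue()
```

`snoop_to_pcap` only calls `read()` on its input, so it can be fed `sys.stdin.buffer` from a pipe as readily as an open file.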
