• Welcome to Valhalla Legends Archive.
 

Ethereal

Started by Sorc.Polgara, December 24, 2004, 03:36 PM


Sorc.Polgara

Hi, I need some help configuring the packet logging program Ethereal.  I've heard many members mention that they use it.  I am currently using the packet logging program WPE Pro because I had a problem with Ethereal when I tried it.

I was able to packet log BNCS and BNLS packets with Ethereal; however, there was a slight problem that I ran into which made the job of looking and finding the logged data very, very, time consuming, tedious and frustrating.

Every packet that I received had a string of data, varied in size, that looked like some type of header because parts of the string of data were pretty constant when compared to each packet received.  Now this was sort of a pain in the arse because in order for me to find the BNCS or BNCS packet logged I must scan through the packet to find the beginning of the BNCS or BNLS header.  I tried using the Search command but even that just slightly made the routine easier.

I read the help files, website and other resources to see if the Filtering thing might aid me in removing this header thing.  However I tried and tried but I couldn't get it to work.

In a previous post I was told that this header is like the "TCP/IP" header or something.  I referred to it as "bull crap" because it was something that I did not want to log and just got in the way.  It might have some important use but I'm not looking at using it.

I have since had to replace my hard drive that fucking died on me, I lost everything, back a few months ago.  Therefore I have lost any packet logs I saved and so I can't post an example of what I am talking about at this time.  However I'll try and give a rough example of what I'm talking about.

In WPE Pro the packets received and logged do not include this header thing and this is why I prefer it.

Here is what the beginning of a WPE Pro packet that was logged would look like:
Quote
FF  50  3A  00  00  00  00 ..........

Logged Ethereal packet:
Quote
(A header like string of data that is pretty large) FF  50  3A  00  00  00  00  ..........

Does anyone have any idea of how to exclude this header like string of data from the packetlog?

Thanks.


NOTE:  I wasn't quite sure what forum to post this in but since this is really the only forum that I post in I felt more comfortable asking in here.  I'm sorry if I have posted this topic in the wrong forum.

Eibro

In the frame panel there should be a field called 'data' for any TCP packet which actually contains data. Select a frame, click the data section, and it will highlight the data in the hex view panel.
Eibro of Yeti Lovers.
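
Added example (not part of the thread and not Ethereal's own code): the header-like bytes in front of `FF 50 3A 00` are the Ethernet, IPv4 and TCP headers, whose combined length varies with VLAN tags and IP/TCP options, which is why the 'data' field has to be located per frame. The Python below computes where the TCP data starts in a raw Ethernet II frame; `tcp_payload`, `build_frame`, the ports and the zeroed addresses are constructed for illustration.

```python
import struct

def tcp_payload(frame: bytes) -> tuple[int, bytes]:
    """Return (offset, payload) of the TCP data in an Ethernet II/IPv4 frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ip_off = 14
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q VLAN tag: 4 more bytes
        ip_off = 18
        ethertype = struct.unpack_from("!H", frame, 16)[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    if len(frame) < ip_off + 20:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[ip_off] & 0x0F) * 4               # IPv4 header length, 20..60
    total_len = struct.unpack_from("!H", frame, ip_off + 2)[0]
    if frame[ip_off] >> 4 != 4 or ihl < 20 or frame[ip_off + 9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp_off = ip_off + ihl
    if len(frame) < tcp_off + 20:
        raise ValueError("truncated TCP header")
    data_off = (frame[tcp_off + 12] >> 4) * 4      # TCP header length, 20..60
    start, end = tcp_off + data_off, ip_off + total_len
    if data_off < 20 or not start <= end <= len(frame):
        raise ValueError("inconsistent length fields")
    return start, frame[start:end]                 # end trims Ethernet padding

def build_frame(payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Constructed test frame (zero addresses and checksums, made-up ports)."""
    tcp_len = 20 + len(tcp_options)                # options: multiple of 4 bytes
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + len(payload),
                     0, 0, 64, 6, 0, bytes(4), bytes(4))
    tcp = struct.pack("!HHIIBBHHH", 40000, 40001, 0, 0,
                      (tcp_len // 4) << 4, 0x18, 65535, 0, 0) + tcp_options
    return eth + ip + tcp + payload

# First bytes of the logged packet quoted in the post (the rest is elided there).
SAMPLE = bytes.fromhex("FF503A00000000")

if __name__ == "__main__":
    for opts in (b"", b"\x01" * 12):               # 12 bytes of TCP NOP options
        off, data = tcp_payload(build_frame(SAMPLE, opts))
        print(f"headers: {off} bytes, payload: {data.hex(' ')}")
```

With no TCP options the payload starts at byte 54 of the frame; with 12 bytes of options it starts at byte 66, matching the "varied in size" prefix described in the question.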

tA-Kane

Awesome, it even supports AppleTalk protocols!
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com