http://linux-ax25.in-berlin.de/mediawiki/api.php?action=feedcontributions&feedformat=atom&user=G1sogLinuxHam - User contributions [en]2026-04-19T16:44:46ZUser contributionsMediaWiki 1.36.1http://linux-ax25.in-berlin.de/wiki?title=Wireshark&diff=2410Wireshark2010-04-11T20:30:44Z<p>G1sog: </p>
<hr />
<div>Wireshark (formerly known as ethereal) is, along with [[tcpdump]], the prefered general purpose network protocol analyzer. It's greatest disadvantage for the radio amateur was the lack of support for [[AX.25]], [[NETROM]] and [[ROSE]], so the only tool left was the special purpose tool listen(8) which pretty much only supports these protocols.<br />
<br />
= Initial release 2007-03-25 =<br />
<br />
Richard Stearn <richard@rns-stearn.demon.co.uk> has provided patches to add support for these protocols to libpcap, wireshark and tcpdump. Below posting is mostly based on his announcements on [[linux-hams]] on 2007-03-18.<br />
<br />
For the foolhardy, desperate or those who just like to live dangerously.<br />
:http://www.rns-stearn.demon.co.uk/ax25.wireshark.2007-03-25/<br />
<br />
These are source code patches. The patches add to:<br />
== libpcap ==<br />
* recognition and capture of AX.25<br />
<br />
== tcpdump ==<br />
* decoding AX.25<br />
* extraction from BPQ<br />
* decoding an ARP payload<br />
* decoding a TCP/IP payload<br />
* decoding NetROM<br />
* recognition of Flexnet<br />
* recognition of ROSE<br />
<br />
== wireshark ==<br />
* dissection of AX.25<br />
* extraction from BPQ<br />
* extraction from AXIP (untested)<br />
* dissection of ARP payload<br />
* dissection of an TCP/IP payload<br />
* dissection of NetROM<br />
* recognition of Flexnet<br />
* dissection of ROSE<br />
* dissection of "No layer 3" payloads<br />
** APRS (by the book)<br />
** recognition of DX cluster<br />
<br />
The dissection of APRS & DX in wireshark is controlled via your preferences:<br />
: Edit->Preferences->Protocols->AX25 No L3<br />
<br />
All others are treated as having no L3 protocol and printed in hex and ascii.<br />
<br />
The patch is against:<br />
: libpcap-0.9.5<br />
: tcpdump-3.9.5<br />
: wireshark-0.99.5<br />
<br />
= Update: 2010-04-10 =<br />
<br />
The Wireshark patch has been ported to wireshark-1.2.7 and can be found here:<br />
:http://www.rns-stearn.demon.co.uk/ax25.wireshark.2010-04-10/<br />
<br />
The libpcap patch is now redundant as the necessary protocol identifiers have been added to libpcap-1.1 by the libpcap maintainers, so libpcap-1.1 is a pre-requisite to use of this patch.<br />
<br />
I have not yet ported the tcpdump patch.<br />
<br />
The main changes are the dissection of KISS & BPQ as separate protocols otherwise there is no change to the supported protocols.</div>G1sog