[Ethereal-users] Capturing IP over ATM traces, best approach?

["Alex Bennee" <Alex.Bennee@xxxxxxxxxxx>]

Hi,

We are currently trying to debug some IP over ATM issues with one of our
products. Briefly we are seeing different behaviour of the 3rd party stack
depending if the IP is going in via a Cisco IP/ATM router or via the IPoA
facilities of an HP-UX box.

We have been using ethereal to debug SNMP interaction over out ethernet
interface and it has been very useful, much better than any commercial tools we
have at the moment.

So to start with the questions...

1. Can ethereal actually decode raw on the wire data from an ATM interface? (By
raw data I mean segmented AAL5 cells that have to reformed to make a frame)

2. Can ethereal decode raw frames of Classical IP? (By raw frames I mean
re-assembled AAL5 cells into one frame of data, header+ip)

I think the answer to at least one of those two questions is yes and my main
problem is getting the capture data in a format that ethereal can understand so
we can analyse what is going on.

So this is what I have tried so far:

1. Capture direct from the ATM interface on the HP-UX machine

Didn't work. It was hard to work out which interfaces to use (some are abstract)
and when I finally seemed to hit one libcap complained that the card driver
wasn't providing the necessary features to capture stuff. I tried the interfaces
atm0, ipa0 and cip to no avail.

2. Capture ATM subsystem with nettl on the HP-UX machine

Unfortunately the raw data cannot be parsed by ethereal. I believe this is only
because the filter only understands IP dumps (which I don't want because we
think the problem bay stem from sub-IP packets (ARP etc)).

Which brings me to the options I have yet to try and for which I seek advice on
what people think will be the best approach:

1. Write a diags routine to dump frames on our product in a parsable format

I was thinking of an ASCII format the ethereal will understand (suggestions?) or
as the traffic may be to much for our serial diags interface I could try
streaming a binary format file (snoop rfc1761?) over the ethernet.

2. Figuring out how to create parsable dumps from the nettl output.

There is a utility that formats the output called netfmt but given the volume of
stuff we have its a little tricky to process, I would prefer to do it within
ethereal. Has anyone experimented with reformatting the netfmt output into
tcpdump style stuff?

3. Find out how to dump frames/cells from the Cisco and Fore ATM switches.

Anyone seen any howto's/guides on these that don't involve becoming a certified
CISCO engineer? Will the output be readable by ethereal or will it require some
sort of formatting?

Anyway thanks in advance for any input..

Regards,

Alex.