1 <!-- EUG Appendix Tools -->
5 <appendix id="AppTools">
6 <title>Related command line tools</title>
8 <section id="AppToolsIntroduction">
9 <title>Introduction</title>
11 Beside the Ethereal GUI application, there are some command line tools,
12 which can be helpful for doing some more specialized things. These tools
13 will be described in this chapter.
17 <section id="AppToolstcpdump">
18 <title>tcpdump: Capturing with tcpdump for viewing with Ethereal</title>
20 There are occasions when you want to capture packets using
21 <command>tcpdump</command> rather than <command>ethereal</command>,
22 especially when you want to do a remote capture and do not want the
23 network load associated with running Ethereal remotely (not to
24 mention all the X traffic polluting your capture).
27 However, the default <command>tcpdump</command> parameters result in a
28 capture file where each packet is truncated, because
29 <command>tcpdump</command>, by default, does only capture the first 68
33 To ensure that you capture complete packets, use the following command:
35 tcpdump -i <interface> -s 1500 -w <some-file>
37 You will have to specify the correct <command>interface</command> and
38 the name of a <command>file</command> to save into. In addition,
39 you will have to terminate the capture with ^C when you believe you
40 have captured enough packets.
42 <note><title>Note!</title>
44 tcpdump is not part of the Ethereal distribution. You can get it from:
45 <ulink url="http://www.tcpdump.org">http://www.tcpdump.org</ulink> for various
51 <section id="AppToolstethereal">
52 <title>tethereal: Terminal-based Ethereal</title>
54 <application>Tethereal</application> is a terminal oriented version
55 of ethereal designed for capturing and displaying packets when an
56 interactive user interface isn't necessary or available. It supports
57 the same options as <command>ethereal</command>. For more
58 information on <command>tethereal</command>, see the manual pages
59 (<command>man tethereal</command>).
63 <section id="AppToolscapinfo">
64 <title>capinfo: Print information about capture files</title>
66 Included with Ethereal is a small utility called
67 <command>capinfo</command>, which is a command-line utility to
68 print information about binary capture files.
71 <example id="AppToolscapinfoEx">
72 <title>Help information available from capinfo</title>
75 Usage: capinfo [-t] [-c] [-s] [-d] [-u] [-a] [-e] [-y]
76 [-i] [-z] [-h] <capfile>
77 where -t display the capture type of <capfile>
78 -c count the number of packets
79 -s display the size of the file
80 -d display the total length of all packets in the file
82 -u display the capture duration (in seconds)
83 -a display the capture start time
84 -e display the capture end time
85 -y display average data rate (in bytes)
86 -i display average data rate (in bits)
87 -z display average packet size (in bytes)
88 -h produces this help listing.
90 If no data flags are given, default is to display all statistics
96 <section id="AppToolseditcap">
97 <title>editcap: Edit capture files</title>
99 Included with Ethereal is a small utility called
100 <command>editcap</command>, which is a command-line utility for
101 working with capture files. Its main function is to remove
102 packets from capture files, but it can also be used to convert
103 capture files from one format to another, as well as print
104 information about capture files.
108 <example id="AppToolseditcapEx">
109 <title>Help information available from editcap</title>
112 Usage: editcap [-r] [-h] [-v] [-T <encap type>] [-F <capture type>]
113 [-s <snaplen>] [-t <time adjustment>]
114 <infile> <outfile> [ <record#>[-<record#>] ... ]
115 where -r specifies that the records specified should be kept, not deleted,
117 -v specifies verbose operation, default is silent
118 -h produces this help listing.
119 -T <encap type> specifies the encapsulation type to use:
125 fddi-swapped - FDDI with bit-swapped MAC addresses
128 arcnet_linux - Linux ARCNET
129 atm-rfc1483 - RFC 1483 ATM
130 linux-atm-clip - Linux ATM CLIP
133 atm-pdus-untruncated - ATM PDUs - untruncated
135 ascend - Lucent/Ascend access equipment
137 ip-over-fc - RFC 2625 IP-over-Fibre Channel
138 ppp-with-direction - PPP with Directional Info
139 ieee-802-11 - IEEE 802.11 Wireless LAN
140 prism - IEEE 802.11 plus Prism II monitor mode header
141 ieee-802-11-radio - IEEE 802.11 Wireless LAN with radio information
142 ieee-802-11-bsd - IEEE 802.11 plus BSD WLAN header
143 ieee-802-11-avs - IEEE 802.11 plus AVS WLAN header
144 linux-sll - Linux cooked-mode capture
146 frelay-with-direction - Frame Relay with Directional Info
148 ios - Cisco IOS internal
150 pflog-old - OpenBSD PF Firewall logs, pre-3.4
152 docsis - Data Over Cable Service Interface Specification
153 cosine - CoSine L2 debug log
154 whdlc - Wellfleet HDLC
156 tzsp - Tazmen sniffer protocol
157 enc - OpenBSD enc(4) encapsulating interface
158 pflog - OpenBSD PF Firewall logs
159 chdlc-with-direction - Cisco HDLC with Directional Info
160 bluetooth-h4 - Bluetooth H4
180 symantec - Symantec Enterprise Firewall
181 ap1394 - Apple IP-over-IEEE 1394
182 bacnet-ms-tp - BACnet MS/TP
183 default is the same as the input file
184 -F <capture type> specifies the capture file type to write:
185 libpcap - libpcap (tcpdump, Ethereal, etc.)
186 rh6_1libpcap - RedHat Linux 6.1 libpcap (tcpdump)
187 suse6_3libpcap - SuSE Linux 6.3 libpcap (tcpdump)
188 modlibpcap - modified libpcap (tcpdump)
189 nokialibpcap - Nokia libpcap (tcpdump)
190 lanalyzer - Novell LANalyzer
191 ngsniffer - Network Associates Sniffer (DOS-based)
193 netmon1 - Microsoft Network Monitor 1.x
194 netmon2 - Microsoft Network Monitor 2.x
195 ngwsniffer_1_1 - Network Associates Sniffer (Windows-based) 1.1
196 ngwsniffer_2_0 - Network Associates Sniffer (Windows-based) 2.00x
197 visual - Visual Networks traffic capture
198 5views - Accellent 5Views capture
199 niobserverv9 - Network Instruments Observer version 9
201 -s <snaplen> specifies that packets should be truncated to
202 <snaplen> bytes of data
203 -t <time adjustment> specifies the time adjustment
204 to be applied to selected packets
206 A range of records can be specified as well
210 Where each option has the following meaning:
212 <varlistentry><term><command>-r</command></term>
215 This option specifies that the frames listed should be kept,
216 not deleted. The default is to delete the listed frames.
220 <varlistentry><term><command>-h</command></term>
221 <listitem><para>This option provides help.</para></listitem>
223 <varlistentry><term><command>-v</command></term>
226 This option specifies verbose operation. The default is
231 <varlistentry><term><command>-T {encap type}</command></term>
234 This option specifies the frame encapsulation type to use.
237 It is mainly for converting funny captures to something
238 that Ethereal can deal with.
242 encapsulation type is the same as the input encapsulation.
247 <varlistentry><term><command>-F {capture type}</command></term>
250 This option specifies the capture file format to write
254 The default is libpcap format.
258 <varlistentry><term><command>-s {snaplen}</command></term>
261 Specifies that packets should be truncated to {snaplen} bytes of data.
265 <varlistentry><term><command>-t {time adjustment}</command></term>
268 Specifies the time adjustment to be applied to selected packets.
272 <varlistentry><term><command>{infile}</command></term>
275 This parameter specifies the input file to use. It must be
280 <varlistentry><term><command>{outfile}</command></term>
283 This parameter specifies the output file to use. It must
289 <term><command>[record#[-][record# ...]]</command></term>
292 This optional parameter specifies the records to include
293 or exclude (depending on the <command>-r</command> option.
294 You can specify individual records or a range of records.
302 <section id="AppToolsmergecap">
304 Merging multiple capture files into one with
305 <command>mergecap</command>
308 Mergecap is a program that combines multiple saved capture files
309 into a single output file specified by the -w argument. Mergecap
310 knows how to read libpcap capture files, including those of tcpdump.
311 In addition, Mergecap can read capture files from snoop (including
312 Shomiti) and atmsnoop, LanAlyzer, Sniffer (compressed or
313 uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray,
314 Sniffer Pro, RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug
315 output, HP-UX's nettl, and the dump output from Toshiba's ISDN
316 routers. There is no need to tell Mergecap what type of file you are
317 reading; it will determine the file type by itself. Mergecap is also
318 capable of reading any of these file formats if they are compressed
319 using gzip. Mergecap recognizes this directly from the file; the '.gz'
320 extension is not required for this purpose.
323 By default, it writes the capture file in libpcap format, and writes
324 all of the packets in both input capture files to the output file.
325 The -F flag can be used to specify the format in which to write the
326 capture file; it can write the file in libpcap format (standard
327 libpcap format, a modified format used by some patched versions of
328 libpcap, the format used by Red Hat Linux 6.1, or the format used
329 by SuSE Linux 6.3), snoop format, uncompressed Sniffer format,
330 Microsoft Network Monitor 1.x format, and the format used by
331 Windows-based versions of the Sniffer software.
334 Packets from the input files are merged in chronological order based
335 on each frame's timestamp, unless the -a flag is specified. Mergecap
336 assumes that frames within a single capture file are already stored
337 in chronological order. When the -a flag is specified, packets are
338 copied directly from each input file to the output file, independent
339 of each frame's timestamp.
342 If the -s flag is used to specify a snapshot length, frames in the
343 input file with more captured data than the specified snapshot length
344 will have only the amount of data specified by the snapshot length
345 written to the output file. This may be useful if the program that
346 is to read the output file cannot handle packets larger than a
347 certain size (for example, the versions of snoop in Solaris 2.5.1 and
348 Solaris 2.6 appear to reject Ethernet frames larger than the standard
349 Ethernet MTU, making them incapable of handling gigabit Ethernet
350 captures if jumbo frames were used).
354 If the -T flag is used to specify an encapsulation type, the
355 encapsulation type of the output capture file will be forced to
356 the specified type, rather than being the type appropriate to the
357 encapsulation type of the input capture file. Note that this merely
358 forces the encapsulation type of the output file to be the specified
359 type; the packet headers of the packets will not be translated from the
360 encapsulation type of the input capture file to the specified
361 encapsulation type (for example, it will not translate an Ethernet
362 capture to an FDDI capture if an Ethernet capture is read
363 and '-T fddi' is specified).
365 <example id="AppToolsmergecapEx">
366 <title>Help information available from mergecap</title>
369 mergecap version 0.10.5
370 Usage: mergecap [-hva] [-s <snaplen>] [-T <encap type>]
371 [-F <capture type>] -w <outfile> <infile> [...]
373 where -h produces this help listing.
374 -v verbose operation, default is silent
375 -a files should be concatenated, not merged
376 Default merges based on frame timestamps
377 -s <snaplen>: truncate packets to <snaplen> bytes of data
378 -w <outfile>: sets output filename to <outfile>
379 -T <encap type> encapsulation type to use:
385 fddi-swapped - FDDI with bit-swapped MAC addresses
388 arcnet_linux - Linux ARCNET
389 atm-rfc1483 - RFC 1483 ATM
390 linux-atm-clip - Linux ATM CLIP
393 atm-pdus-untruncated - ATM PDUs - untruncated
395 ascend - Lucent/Ascend access equipment
397 ip-over-fc - RFC 2625 IP-over-Fibre Channel
398 ppp-with-direction - PPP with Directional Info
399 ieee-802-11 - IEEE 802.11 Wireless LAN
400 prism - IEEE 802.11 plus Prism II monitor mode header
401 ieee-802-11-radio - IEEE 802.11 Wireless LAN with radio information
402 ieee-802-11-bsd - IEEE 802.11 plus BSD WLAN header
403 ieee-802-11-avs - IEEE 802.11 plus AVS WLAN header
404 linux-sll - Linux cooked-mode capture
406 frelay-with-direction - Frame Relay with Directional Info
408 ios - Cisco IOS internal
410 pflog-old - OpenBSD PF Firewall logs, pre-3.4
412 docsis - Data Over Cable Service Interface Specification
413 cosine - CoSine L2 debug log
414 whdlc - Wellfleet HDLC
416 tzsp - Tazmen sniffer protocol
417 enc - OpenBSD enc(4) encapsulating interface
418 pflog - OpenBSD PF Firewall logs
419 chdlc-with-direction - Cisco HDLC with Directional Info
420 bluetooth-h4 - Bluetooth H4
440 symantec - Symantec Enterprise Firewall
441 ap1394 - Apple IP-over-IEEE 1394
442 bacnet-ms-tp - BACnet MS/TP
443 default is the same as the first input file
444 -F <capture type> capture file type to write:
445 libpcap - libpcap (tcpdump, Ethereal, etc.)
446 rh6_1libpcap - RedHat Linux 6.1 libpcap (tcpdump)
447 suse6_3libpcap - SuSE Linux 6.3 libpcap (tcpdump)
448 modlibpcap - modified libpcap (tcpdump)
449 nokialibpcap - Nokia libpcap (tcpdump)
450 lanalyzer - Novell LANalyzer
451 ngsniffer - Network Associates Sniffer (DOS-based)
453 netmon1 - Microsoft Network Monitor 1.x
454 netmon2 - Microsoft Network Monitor 2.x
455 ngwsniffer_1_1 - Network Associates Sniffer (Windows-based) 1.1
456 ngwsniffer_2_0 - Network Associates Sniffer (Windows-based) 2.00x
457 visual - Visual Networks traffic capture
458 5views - Accellent 5Views capture
459 niobserverv9 - Network Instruments Observer version 9
464 <varlistentry><term><command>-h</command></term>
466 <para>Prints the version and options and exits.</para>
469 <varlistentry><term><command>-v</command></term>
472 Causes <command>mergecap</command> to print a number of messages
477 <varlistentry><term><command>-a</command></term>
480 Causes the frame timestamps to be ignored, writing all packets
481 from the first input file followed by all packets from the second
482 input file. By default, when <command>-a</command> is not
483 specified, the contents
484 of the input files are merged in chronological order based on
485 each frame's timestamp. Note: when merging, mergecap assumes
486 that packets within a capture file are already in chronological
491 <varlistentry><term><command>-s</command></term>
493 <para>Sets the snapshot length to use when writing the data.</para>
496 <varlistentry><term><command>-w</command></term>
498 <para>Sets the output filename.</para>
501 <varlistentry><term><command>-T</command></term>
504 Sets the packet encapsulation type of the output capture file.
508 <varlistentry><term><command>-F</command></term>
510 <para>Sets the file format of the output capture file.</para>
515 A simple example merging <filename>dhcp-capture.libpcap</filename>
516 and <filename>imap-1.libpcap</filename> into
517 <filename>outfile.libpcap</filename> is shown below.
519 <example id="AppToolsmergecapExSimple">
520 <title>Simple example of using mergecap</title>
521 <programlisting>$ mergecap -w outfile.libpcap dhcp-capture.libpcap imap-1.libpcap
526 <section id="AppToolstext2pcap" >
527 <title>text2pcap: Converting ASCII hexdumps to network captures with
528 <command>text2pcap</command>
531 There may be some occasions when you wish to convert a hex dump of some
532 network traffic into a libpcap file.</para>
534 <command>Text2pcap</command> is a program that reads in an ASCII hex
535 dump and writes the data described into a libpcap-style capture file.
536 text2pcap can read hexdumps withmultiple packets in them, and build a
537 capture file of multiple packets. text2pcap is also capable of
538 generating dummy Ethernet, IP and UDP headers, in order to build fully
539 processable packet dumps from hexdumps of application-level data only.
542 Text2pcap understands a hexdump of the form generated by od -t x1. In
543 other words, each byte is individually displayed and surrounded with a
544 space. Each line begins with an offset describing the position in the
545 file. The offset is a hex number (can also be octal - see -o), of
546 more than two hex digits. Here is a sample dump that text2pcap can
550 000000 00 e0 1e a7 05 6f 00 10 ........
551 000008 5a a0 b9 12 08 00 46 00 ........
552 000010 03 68 00 00 00 00 0a 2e ........
553 000018 ee 33 0f 19 08 7f 0f 19 ........
554 000020 03 80 94 04 00 00 10 01 ........
555 000028 16 a2 0a 00 03 50 00 0c ........
556 000030 01 01 0f 19 03 80 11 01 ........
559 There is no limit on the width or number of bytes per line. Also the
560 text dump at the end of the line is ignored. Bytes/hex numbers can be
561 uppercase or lowercase. Any text before the offset is ignored,
562 including email forwarding characters '>'. Any lines of text
563 between the bytestring lines is ignored. The offsets are used to
564 track the bytes, so offsets must be correct. Any line which has only
565 bytes without a leading offset is ignored. An offset is recognized
566 as being a hex number longer than two characters. Any text after the
567 bytes is ignored (e.g. the character dump). Any hex numbers in this
568 text are also ignored. An offset of zero is indicative of starting a
569 new packet, so a single text file with a series of hexdumps can be
570 converted into a packet capture with multiple packets. Multiple
571 packets are read in with timestamps differing by one second each.
572 In general, short of these restrictions, text2pcap is pretty liberal
573 about reading in hexdumps and has been tested with a variety of mangled
574 outputs (including being forwarded through email multiple times,
575 with limited line wrap etc.)
578 There are a couple of other special features to note. Any line where
579 the first non-whitespace character is '#' will be ignored as a
580 comment. Any line beginning with #TEXT2PCAP is a directive and options
581 can be inserted after this command to be processed by text2pcap.
582 Currently there are no directives implemented; in the future, these
583 may be used to give more fine grained control on the dump and the
584 way it should be processed e.g. timestamps, encapsulation type etc.
587 Text2pcap also allows the user to read in dumps of application-level
588 data, by inserting dummy L2, L3 and L4 headers before each packet.
589 The user can elect to insert Ethernet headers, Ethernet and IP, or
590 Ethernet, IP and UDP headers before each packet. This allows Ethereal
591 or any other full-packet decoder to handle these dumps.
593 <example id="AppToolstext2pcapEx">
594 <title>Help information available for text2pcap</title>
598 Usage: text2pcap.exe [-h] [-d] [-q] [-o h|o] [-l typenum] [-e l3pid] [-i proto]
599 [-m max-packet] [-u srcp,destp] [-T srcp,destp] [-s srcp,destp,tag]
600 [-S srcp,destp,tag] [-t timefmt] <input-filename> <output-filename>
602 where <input-filename> specifies input filename (use - for standard input)
603 <output-filename> specifies output filename (use - for standard output)
605 [options] are one or more of the following
607 -h : Display this help message
608 -d : Generate detailed debug of parser states
609 -o hex|oct : Parse offsets as (h)ex or (o)ctal. Default is hex
610 -l typenum : Specify link-layer type number. Default is 1 (Ethernet).
611 See net/bpf.h for list of numbers.
612 -q : Generate no output at all (automatically turns off -d)
613 -e l3pid : Prepend dummy Ethernet II header with specified L3PID (in
616 -i proto : Prepend dummy IP header with specified IP protocol (in
618 Automatically prepends Ethernet header as well.
620 -m max-packet : Max packet length in output, default is 64000
621 -u srcp,destp : Prepend dummy UDP header with specified dest and source ports
623 Automatically prepends Ethernet and IP headers as well
625 -T srcp,destp : Prepend dummy TCP header with specified dest and source ports
627 Automatically prepends Ethernet and IP headers as well
629 -s srcp,dstp,tag: Prepend dummy SCTP header with specified dest/source ports
630 and verification tag (in DECIMAL).
631 Automatically prepends Ethernet and IP headers as well
633 -S srcp,dstp,ppi: Prepend dummy SCTP header with specified dest/source ports
634 and verification tag 0. It also prepends a dummy SCTP DATA
635 chunk header with payload protocol identifier ppi.
637 -t timefmt : Treats the text before the packet as a date/time code; the
638 specified argument is a format string of the sort supported
640 Example: The time "10:15:14.5476" has the format code
642 NOTE: The subsecond component delimiter must be specified
643 (.) but no pattern is required; the remaining number
644 is assumed to be fractions of a second.
648 <varlistentry><term><command>-w <filename></command></term>
651 Write the capture file generated by <command>text2pcap</command>
652 to <filename>. The default is to write to standard
657 <varlistentry><term><command>-h</command></term>
659 <para>Display the help message</para>
662 <varlistentry><term><command>-d</command></term>
665 Displays debugging information during the process. Can be
666 used multiple times to generate more debugging information.
670 <varlistentry><term><command>-q</command></term>
672 <para>Be completely quiet during the process.</para>
675 <varlistentry><term><command>-o hex|oct</command></term>
677 <para> Specify the radix for the offsets (hex or octal). Defaults to
678 hex. This corresponds to the <command>-A</command> option for od.
682 <varlistentry><term><command>-l</command></term>
685 Specify the link-layer type of this packet. Default is
686 Ethernet(1). See net/bpf.h for the complete list of possible
687 encapsulations. Note that this option should be used if your
688 dump is a complete hex dump of an encapsulated packet and you
689 wish to specify the exact type of encapsulation. Example: -l 7
694 <varlistentry><term><command>-e l3pid</command></term>
697 Include a dummy Ethernet header before each packet. Specify the
698 L3PID for the Ethernet header in hex. Use this option if your
699 dump has Layer 3 header and payload (e.g. IP header), but no
700 Layer 2 encapsulation. Example: -e 0x806 to specify an ARP
704 For IP packets, instead of generating a fake Ethernet header you
705 can also use -l 12 to indicate a raw IP packet to Ethereal. Note
706 that -l 12 does not work for any non-IP Layer 3 packet (e.g.
707 ARP), whereas generating a dummy Ethernet header with -e works
708 for any sort of L3 packet.
712 <varlistentry><term><command>-u srcport destport</command></term>
715 Include dummy UDP headers before each packet. Specify the
716 source and destination UDP ports for the packet in decimal.
717 Use this option if your dump is the UDP payload of a packet but
718 does not include any UDP, IP or Ethernet headers. Note that this
719 automatically includes appropriate Ethernet and IP headers with
720 each packet. Example: -u 1000 69 to make the packets look like
728 <section id="AppToolsidl2eth" >
730 Creating dissectors from Corba IDL files with
731 <command>idl2eth</command>
734 In an ideal world idl2eth would be mentioned in the users guide
735 in passing and documented in the developers guide. As the
737 has not yet been completed it will be documented here.
740 <title>What is it?</title>
742 As you have probably guessed from the name,
743 <command>idl2eth</command> takes a
744 user specified IDL file and attempts to build a dissector that
745 can decode the IDL traffic over GIOP. The resulting file is
746 "C" code, that should compile okay as an ethereal dissector.
749 <command>idl2eth</command> basically parses the data struct given to
750 it by the omniidl compiler, and using the GIOP API available in
751 packet-giop.[ch], generates get_CDR_xxx calls to decode the
752 CORBA traffic on the wire.
754 <para>It consists of 4 main files.</para>
756 <varlistentry><term><filename>README.idl2eth</filename></term>
758 <para>This document</para>
761 <varlistentry><term><filename>ethereal_be.py</filename></term>
763 <para>The main compiler backend</para>
766 <varlistentry><term><filename>ethereal_gen.py</filename></term>
768 <para>A helper class, that generates the C code.</para>
771 <varlistentry><term><filename>idl2eth</filename></term>
773 <para> A simple shell script wrapper that the end user should
774 use to generate the dissector from the IDL file(s).</para>
780 <title>Why do this?</title>
782 It is important to understand what CORBA traffic looks
783 like over GIOP/IIOP, and to help build a tool that can assist
784 in troubleshooting CORBA interworking. This was especially the
785 case after seeing a lot of discussions about how particular
786 IDL types are represented inside an octet stream.
789 I have also had comments/feedback that this tool would be good for say
790 a CORBA class when teaching students what CORBA traffic looks like
794 It is also COOL to work on a great Open Source project such as
795 the case with "Ethereal" (
796 <ulink url="http://www.ethereal.com">http://www.ethereal.com</ulink>
800 <section><title>How to use idl2eth</title>
802 To use the idl2eth to generate ethereal dissectors, you
806 <title>Prerequisites to using idl2eth</title>
809 Python must be installed. See
810 <ulink url="http://python.org/"/>
815 omniidl from the the omniORB package must be available. See
816 <ulink url="http://omniorb.sourceforge.net/"/>
821 Of course you need ethereal installed to compile the
822 code and tweak it if required. idl2eth is part of the
823 standard Ethereal distribution
828 To use idl2eth to generate an ethereal dissector from an idl file
829 use the following proceedure:
833 Proceedure for converting a Corba idl file into an ethereal
838 To write the C code to stdout.
839 <programlisting>idl2eth <your file.idl></programlisting>
840 eg: <programlisting>idl2eth echo.idl</programlisting>
845 To write to a file, just redirect the output.
846 <programlisting>idl2eth echo.idl > packet-test-idl.c</programlisting>
847 You may wish to comment out the register_giop_user_module() code
848 and that will leave you with heuristic dissection.
853 If you dont want to use the shell script wrapper, then try
854 steps 3 or 4 instead.</para>
855 <orderedlist continuation="continues">
857 <para>To write the C code to stdout.
858 <programlisting>Usage: omniidl -p ./ -b ethereal_be <your file.idl></programlisting>
860 <programlisting>omniidl -p ./ -b ethereal_be echo.idl</programlisting>
865 To write to a file, just redirect the output.
866 <programlisting>omniidl -p ./ -b ethereal_be echo.idl > packet-test-idl.c</programlisting>
867 You may wish to comment out the register_giop_user_module() code
868 and that will leave you with heuristic dissection.
873 Copy the resulting C code to your ethereal src directory,
874 edit the 2 make files to include the packet-test-idl.c
876 cp packet-test-idl.c /dir/where/ethereal/lives/
884 <programlisting>./configure (or ./autogen.sh)</programlisting>
888 <para> Compile the code
889 <programlisting>make</programlisting>
893 <para>Good Luck !!</para>
897 <section><title>TODO</title>
901 Exception code not generated (yet), but can be added manually.
906 Enums not converted to symbolic values (yet), but can be added
911 <para>Add command line options etc</para>
914 <para>More I am sure :-)</para>
918 <section><title>Limitations</title>
920 See the TODO list inside <filename>packet-giop.c</filename>
923 <section><title>Notes</title>
927 The "-p ./" option passed to omniidl indicates that the
928 ethereal_be.py and ethereal_gen.py are residing in the
929 current directory. This may need
930 tweaking if you place these files somewhere else.
935 If it complains about being unable to find some modules
937 you may want to check if PYTHONPATH is set correctly.
938 On my Linux box, it is PYTHONPATH=/usr/lib/python1.5/
945 <!-- End of EUG Appendix Tools -->