Hi all, I’ve been using the /tool sniffer with a streaming server to an Ethereal client to troubleshoot malicious traffic on my MikroTik network. Anyway, I’ve reached the limit of what I can do with Ethereal. I’m trying to write my own TZSP receiver in .NET. I can capture the packets but I’m having trouble dissecting them. The little documentation on the packet makeup is difficult to use. I really need some better docs or perhaps a sample packet with documentation. Any help would be appreciated.
Are you trying to analyze things in real time or after the fact? TZSP is simply an encapsulated packet - a wrapper I guess. There is a Unix tool provided that will take that and turn it into a pcap if that helps - you can do it on the fly actually with Unix. Tell MT to stream to the Unix box and then using trafr you pipe it to tcpdump and save it off.
PS - using Ethereal on Windows you will probably notice every single TZSP incoming packet causes an outbound ICMP port unreachable…
Sam
I’m actually trying to write a server to receive the stream. I’m having trouble decoding the wrapper.
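The wrapper discussed in this thread, as an added example that is not part of the original posts: a Python parser that splits one TZSP UDP payload into its 4-byte header, its tag list and the encapsulated frame; the same byte offsets apply in a .NET receiver. The field layout (version, type, encapsulation, then tags terminated by an END tag) follows the publicly documented TZSP format and is an assumption here, since the thread does not give it; all names and the sample datagram are constructed.

```python
import struct

TZSP_PORT = 37008            # UDP port conventionally used for TZSP streams
TAG_PADDING, TAG_END = 0, 1  # the only two tags that carry no length byte
ENCAP_NAMES = {1: "ethernet", 18: "ieee802.11", 119: "prism", 127: "wlan-avs"}

class TZSPError(ValueError):
    """Raised when a datagram does not follow the assumed TZSP layout."""

def parse_tzsp(datagram: bytes):
    """Return (header dict, [(tag, value), ...], encapsulated frame bytes)."""
    if len(datagram) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise TZSPError(f"unsupported TZSP version {version}")
    tags, pos = [], 4
    while True:
        if pos >= len(datagram):
            raise TZSPError("tag list not terminated by an END tag")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:          # everything after END is the inner frame
            break
        if tag == TAG_PADDING:      # single byte, no length, no value
            continue
        if pos >= len(datagram):
            raise TZSPError("tag is missing its length byte")
        length = datagram[pos]
        pos += 1
        if pos + length > len(datagram):
            raise TZSPError("tag value runs past the end of the datagram")
        tags.append((tag, datagram[pos:pos + length]))
        pos += length
    header = {"version": version, "type": ptype,
              "encap": ENCAP_NAMES.get(encap, encap)}
    return header, tags, datagram[pos:]

def ethernet_summary(frame: bytes):
    """Return (dst MAC, src MAC, EtherType) of the encapsulated Ethernet frame."""
    if len(frame) < 14:
        raise TZSPError("inner frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst.hex(":"), src.hex(":"), ethertype

# Constructed sample: header, one padding byte, one 1-byte tag, END, Ethernet frame start.
SAMPLE = (bytes.fromhex("01000001") + bytes.fromhex("00" "0a01ff" "01")
          + bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x45\x00")
```

The length checks matter for a receiver listening on an open UDP port: a datagram with an oversized tag length or no END tag is rejected instead of being read past its end.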