Wireshark
Wireshark (formerly known as Ethereal) is, along with tcpdump, the preferred general-purpose network protocol analyzer. Its greatest disadvantage for the radio amateur was the lack of support for AX.25, NET/ROM and ROSE, so the only tool left was the special-purpose listen(8) from ax25-apps, which pretty much only supports those protocols. Richard Stearn <richard@rns-stearn.demon.co.uk> has provided patches that add support for these protocols to libpcap, tcpdump and Wireshark. The posting below is mostly based on his announcements on the linux-hams list on 2007-03-18.
For the foolhardy, desperate or those who just like to live dangerously.
These are source-code patches. They add the following:
libpcap
- recognition and capture of AX.25
tcpdump
- decoding AX.25
- extraction from BPQ
- decoding an ARP payload
- decoding a TCP/IP payload
- decoding NetROM
- recognition of Flexnet
- recognition of ROSE
wireshark
- dissection of AX.25
- extraction from BPQ
- extraction from AXIP (untested)
- dissection of ARP payload
- dissection of a TCP/IP payload
- dissection of NetROM
- recognition of Flexnet
- dissection of ROSE
- dissection of "No layer 3" payloads
- APRS (by the book)
- recognition of DX cluster
The dissection of APRS & DX in wireshark is controlled via your preferences:
- Edit->Preferences->Protocols->AX25 No L3
All other "no layer 3" payloads (PID 0xF0) are treated as having no L3 protocol and are printed in hex and ASCII.
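To make concrete what an AX.25 dissector has to do before it can hand a payload on to the ARP, IP, NET/ROM or "no layer 3" code, here is a small added example in Python. It is not Richard Stearn's patch and not Wireshark code; it builds a UI frame and parses it back, decoding the shifted callsigns, SSID octets and extension bit, classifying the control field, and mapping the PID to the layer-3 protocol using the PID values from the AX.25 v2.2 specification. The sample frame (callsigns, digipeater and APRS-like text) is constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Layer-3 protocol identifiers from the AX.25 v2.2 specification.
# 0xF0 is what the Wireshark patch calls "AX25 No L3".
PID_NAMES = {
    0x01: "ISO 8208 / CCITT X.25 PLP (ROSE)",
    0x08: "segmentation fragment",
    0xCC: "ARPA Internet Protocol",
    0xCD: "ARPA Address Resolution Protocol",
    0xCE: "FlexNet",
    0xCF: "NET/ROM",
    0xF0: "No layer 3 protocol",
}


@dataclass
class Address:
    callsign: str
    ssid: int
    ch_bit: bool   # C (command/response) on dest/src, H (has-been-repeated) on digipeaters
    last: bool     # extension bit: 1 marks the last address in the address field


@dataclass
class Frame:
    dest: Address
    src: Address
    digipeaters: List[Address] = field(default_factory=list)
    control: int = 0
    frame_type: str = ""          # "I", "S", "U" or "UI"
    pid: Optional[int] = None
    pid_name: Optional[str] = None
    info: bytes = b""


def encode_address(callsign: str, ssid: int, ch: bool = False, last: bool = False) -> bytes:
    """Encode one 7-octet AX.25 address: callsign shifted left one bit, then SSID octet."""
    if not 1 <= len(callsign) <= 6 or not 0 <= ssid <= 15:
        raise ValueError("callsign must be 1..6 ASCII chars, SSID 0..15")
    padded = callsign.upper().ljust(6).encode("ascii")
    shifted = bytes(c << 1 for c in padded)
    # SSID octet: C/H bit, two reserved bits (set to 1), 4-bit SSID, extension bit.
    ssid_octet = (0x80 if ch else 0) | 0x60 | (ssid << 1) | (1 if last else 0)
    return shifted + bytes([ssid_octet])


def decode_address(octets: bytes) -> Address:
    callsign = bytes(c >> 1 for c in octets[:6]).decode("ascii").rstrip()
    s = octets[6]
    return Address(callsign, (s >> 1) & 0x0F, bool(s & 0x80), bool(s & 0x01))


def build_ui_frame(dest, src, digis, pid: int, info: bytes) -> bytes:
    """Build a UI frame (control 0x03) from (callsign, ssid) tuples; no FCS or flags."""
    addrs = [encode_address(*dest, ch=True), encode_address(*src, ch=False, last=not digis)]
    for i, d in enumerate(digis):
        addrs.append(encode_address(*d, last=(i == len(digis) - 1)))
    return b"".join(addrs) + bytes([0x03, pid]) + info


def parse_frame(raw: bytes) -> Frame:
    """Parse an AX.25 frame (address field, control, optional PID + info) as a dissector would."""
    addrs, off = [], 0
    while True:                                   # walk addresses until the extension bit is set
        if off + 7 > len(raw):
            raise ValueError("truncated address field")
        a = decode_address(raw[off:off + 7])
        addrs.append(a)
        off += 7
        if a.last:
            break
        if len(addrs) > 10:                       # dest + src + at most 8 digipeaters
            raise ValueError("too many addresses")
    if len(addrs) < 2 or off >= len(raw):
        raise ValueError("need destination, source and a control field")
    control = raw[off]
    off += 1
    # Modulo-8 control field: bit0 == 0 -> I frame, low bits 01 -> S frame, 11 -> U frame.
    if control & 0x01 == 0:
        ftype = "I"
    elif control & 0x03 == 0x01:
        ftype = "S"
    else:
        ftype = "U"
    is_ui = ftype == "U" and (control & 0xEF) == 0x03   # 0x03 or 0x13 (P/F bit set)
    pid, info = None, b""
    if ftype == "I" or is_ui:                     # only I and UI frames carry PID + info
        if off >= len(raw):
            raise ValueError("missing PID")
        pid, info = raw[off], raw[off + 1:]
    return Frame(addrs[0], addrs[1], addrs[2:], control, "UI" if is_ui else ftype,
                 pid, PID_NAMES.get(pid, "unknown") if pid is not None else None, info)


if __name__ == "__main__":
    # Constructed sample: an APRS-style "no layer 3" beacon via one digipeater.
    raw = build_ui_frame(("APRS", 0), ("N0CALL", 1), [("WIDE1", 1)], 0xF0, b"!4903.50N/07201.75W-Example")
    f = parse_frame(raw)
    print(f.src.callsign, f.src.ssid, "->", f.dest.callsign, "via", [d.callsign for d in f.digipeaters])
    print(f.frame_type, hex(f.pid), f.pid_name, f.info)
```

The same demultiplexing step is what lets the patched dissectors hand a PID 0xCC payload to the IP dissector and a PID 0xCF payload to the NET/ROM dissector; everything that arrives as PID 0xF0 is what the "AX25 No L3" preference decides between (APRS, DX cluster, or raw hex/ASCII).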
The patch is against:
- libpcap-0.9.5
- tcpdump-3.9.5
- wireshark-0.99.5