ATM capture setup

As ATM traffic is cell-oriented rather than packet-oriented, the support for capturing ATM traffic on various platforms is a bit more complicated than support on, for example, various LAN types.

ATM interfaces might only support capturing at the "classical IP" layer. If you're using LANE, you might only be able to capture on the Ethernet or Token Ring layer on the emulated LAN, not on the raw ATM layer or even the raw LANE layer, so you might not see LANE headers or LE Control traffic.

Solaris

On Solaris, with libpcap 0.8.1 or later, it should be possible to directly capture on a SunATM device (such as ba0). You will get reassembled AAL5 and Signalling AAL traffic, rather than raw cells. (XXX - what will you get for other AALs?)

Note that most versions of Wireshark for Solaris are statically linked with libpcap; that means that they have to have been built with libpcap 0.8.1 or later in order to support ATM captures. If a version of Wireshark was statically linked with a version of libpcap earlier than 0.8.1, downloading and installing 0.8.1 or a later version of libpcap will not give that version of Wireshark the ability to capture on SunATM devices.
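To confirm which layer a saved capture actually came from (raw SunATM, Classical IP, or an emulated-LAN Ethernet/Token Ring layer), the link-layer type in the file header can be checked. The Python below is an added example, not part of the original page or of Wireshark/libpcap; the function names are hypothetical, the link-type numbers and the 4-byte SunATM pseudo-header layout are taken from libpcap's link-type definitions rather than from this page, and the sample captures are constructed. It reads classic pcap files only, not pcapng.

```python
import struct

# Link-layer types from the tcpdump.org LINKTYPE_ registry that matter here.
LINKTYPES = {
    1: ("ETHERNET", "Ethernet layer (e.g. an emulated LAN); no ATM headers"),
    6: ("IEEE802_5", "Token Ring layer (e.g. an emulated LAN); no ATM headers"),
    100: ("ATM_RFC1483", "LLC-encapsulated AAL5 payload; no VPI/VCI"),
    106: ("LINUX_ATM_CLIP", "Linux Classical IP over ATM; no VPI/VCI"),
    123: ("SUNATM", "SunATM reassembled PDUs with a VPI/VCI pseudo-header"),
}
SUNATM_TRAFFIC = {1: "LANE", 2: "LLC"}  # low nibble of byte 0; others left raw

def inspect_capture(data):
    """Report a classic pcap file's link type; decode the first SunATM header."""
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        order = "<"   # written on a little-endian host
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        order = ">"   # written on a big-endian host (e.g. SPARC Solaris)
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(order + "I", data, 20)[0] & 0xFFFF
    name, layer = LINKTYPES.get(linktype, ("OTHER", "not an ATM-related type"))
    info = {"linktype": linktype, "name": name, "layer": layer}
    if linktype == 123 and len(data) >= 24 + 16 + 4:
        caplen = struct.unpack_from(order + "I", data, 24 + 8)[0]
        if caplen >= 4:
            # Pseudo-header: flags/type (1 byte), VPI (1), VCI (2, big-endian).
            flags, vpi, vci = struct.unpack_from(">BBH", data, 40)
            kind = flags & 0x0F
            info.update(vpi=vpi, vci=vci,
                        traffic=SUNATM_TRAFFIC.get(kind, "type %d" % kind))
    return info

def build_sample(linktype, packet):
    """Constructed one-packet capture, used only to exercise the parser."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    record = struct.pack("<IIII", 0, 0, len(packet), len(packet))
    return header + record + packet

# Constructed samples: SunATM LLC traffic on VPI 0 / VCI 32, and an Ethernet frame.
SUNATM_SAMPLE = build_sample(123, bytes([0x02, 0x00, 0x00, 0x20]) + b"\x00" * 8)
ETHERNET_SAMPLE = build_sample(1, b"\x00" * 14)

if __name__ == "__main__":
    for sample in (SUNATM_SAMPLE, ETHERNET_SAMPLE):
        print(inspect_capture(sample))
```

A result of ETHERNET or IEEE802_5 on a LANE setup means the capture was taken on the emulated LAN, so LANE headers and LE Control traffic will not be in the file.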

FreeBSD

XXX - what do you get here?

NetBSD

XXX - what do you get here?

OpenBSD

XXX - what do you get here?

DragonFly BSD

XXX - what do you get here?

Linux

There is currently no support on Linux for capturing "raw" ATM traffic, in the sense that only SAR is done and you see the traffic on the various AAL5/Signalling AAL VCs with a pseudo-header of some sort giving VPI/VCI information, etc. It should be possible to capture on interfaces supporting Classical IP.

AIX

XXX - what do you get here?

HP-UX

HP-UX's ATM interfaces aren't supported by DLPI in a fashion that allows libpcap to capture on them, so there's no support for capturing ATM traffic on HP-UX.

Windows

Has anybody tried this? Network Monitor supports ATM captures with a type of NdisMediumAtm, so perhaps it works either with raw NDIS or with the NetMon driver (as is currently used by WinPcap for PPP).

It might be possible, on some operating systems, to attach a machine running Wireshark to an ATM link between another machine and an ATM switch, using a DAG card from Endace Measurement Systems. You would need a version of libpcap or WinPcap that supports the DAG API, and would also have to have Endace's software for the DAG card providing that API installed. For libpcap, you'd probably have to install the DAG software and then download the libpcap source from the tcpdump.org Web site, configure, build, and install that software. The DAG cards are supported with libpcap only on Linux and FreeBSD. For further help on this you should contact Endace.


CaptureSetup/ATM (last edited 2008-04-12 17:51:48 by localhost)