On Thu, 26 Apr 2001 16:21:15 -0700 (PDT), Guy Harris <guy@xxxxxxxxxx> wrote:
> > I am also somewhat unwilling to implement a method which requires the user
to
> > manually edit the file; I would stay away from it unless nothing else is
> > possible.
>
> If the file doesn't say "this contains RSVP packets", and there's no way
> for a program to infer that it does, some human will have to *somehow*
> tell some piece of software that the file's contents are to be
> interpreted as RSVP.
Sure. My feeling is that selecting menu options is perhaps easier than editing
the file, simply because there are potentially fewer number of steps involved
and a third person doesn't need to learn the syntax for directive commands.
> > Another option is not to put this in wiretap, but rather to have a menu
option
> > directly in Ethereal which allows the user to "Import hex dump". When the
user
> > selects this, he sees a dialog wherein he can specify the protocol and
layer,
> > and fake headers are automatically added as required.
>
> Yet another option is not to put this into Ethereal, period, but to have
> a separate program that reads hex dumps and generates libpcap dump files
> with fake Ethernet and IP headers - or, given that one capture type in
> libpcap is DLT_RAW, meaning "no link-layer headers, just raw IPv4
> headers", generates DLT_RAW capture files with fake IP headers.
I actually already wrote one of these, called "text2pcap". This whole thing
came about because I got a customer hex dump of a message and I needed to deal
with it. That's definitely an option; although it would be slick if this were
somehow automated within Ethereal.
-Ashok
--- Asok the Intern ----------------------------------------
Ashok Narayanan
IOS Network Protocols, Cisco Systems
250 Apollo Drive, Chelmsford, MA 01824
Ph: 978-244-8387. Fax: 978-244-8126 (Attn: Ashok Narayanan)
