Ethereal-dev: Re: [Ethereal-dev] mergecap: How to merge Ethernet & Linuxcookedcapture files?
I'll add the Tektronix K1x .rf5 to the list (K12) it can actually
save some sort of multiencapsulation file (But if and only if you are
reading from an rf5 file, it is not able to save if you have opened an
(eg) pcap file).
The plus about pcap-NG is that it would allow to write a file that
could contain different encapsulaton types starting from any other
pcap file then mergecap could mix files with arbitrary encapsulations
(practical example: I work on a machine that uses either MTP2 or
ETHERNET or ATM for signalling).
L.
On 2/22/06, Maynard, Chris <Christopher.Maynard@xxxxxxxxx> wrote:
> I'll leave the question to Guy and the rest of you experts, but when I
> was searching through the mailing list posts, I found a post from Guy
> back in July 2001 indicating that Etherpeek, i4btrace for BSD, iptrace
> for AIX and the Toshiba TR-600 & TR-650 formats also apparently support
> per-packet encapsulations and there seems to be at least some support
> for them already. In this case, would pcap-NG still be the preferred
> format? Would it be worth looking at any of the others formats first?
>
> Here's Guy's post:
> http://www.ethereal.com/lists/ethereal-dev/200107/msg00209.html
>
> - Chris
>
> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of LEGO
> Sent: Wednesday, February 22, 2006 2:10 PM
> To: Ethereal development
> Subject: Re: [Ethereal-dev] mergecap: How to merge Ethernet &
> Linuxcookedcapture files?
>
> Well supporting a (rw) file type that allows for several different
> encapsulations to coexists in the same capture file would be great.
>
> But, is the pcap-NG spec already usable?
> ie. are we already at the point where future changes in the format
> won't broke backwards compatibility?
>
>
> On 2/22/06, Maynard, Chris <Christopher.Maynard@xxxxxxxxx> wrote:
> > I suppose it depends on the amount of interest. If I am the only one
> > who will benefit, then I'll probably just convert the cooked capture
> to
> > Ethernet as Guy suggests below, since this is likely to be much easier
> > to do, but if this is something that many others could benefit from as
> > well, then I will look into the pcap-NG option. Is my problem a
> rather
> > unique or are there other folks who would desire this functionality as
> > well?
> >
> > -----Original Message-----
> > From: ethereal-dev-bounces@xxxxxxxxxxxx
> > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
> > Sent: Wednesday, February 22, 2006 1:46 PM
> > To: Ethereal development
> > Subject: Re: [Ethereal-dev] mergecap: How to merge Ethernet & Linux
> > cookedcapture files?
> >
> > Guy Harris wrote:
> > > Maynard, Chris wrote:
> >
> > ...
> >
> > >> If not, then what
> > >> would it take to be able to support this type of merge?
> > >
> > > Add support for pcap-NG format:
> >
> > ....or write a tool that converts Linux cooked capture headers to
> > Ethernet headers (adding fake source or destination addresses), and
> run
> > that tool on the Linux cooked capture, and then merge the two Ethernet
> > capture files.
> >
>
>
> -----------------------------------------
> This email may contain confidential and privileged material for the
> sole use of the intended recipient(s). Any review, use, retention,
> distribution or disclosure by others is strictly prohibited. If you
> are not the intended recipient (or authorized to receive for the
> recipient), please contact the sender by reply email and delete all
> copies of this message. Also, email is susceptible to data
> corruption, interception, tampering, unauthorized amendment and
> viruses. We only send and receive emails on the basis that we are
> not liable for any such corruption, interception, tampering,
> amendment or viruses or any consequence thereof.
>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan