Ethereal-users: Re: [Ethereal-users] New User - Want to format hex packets for Ethereal
> I want to be able to import my own interface dumps which are currently in a
> raw hex format into Ethereal. Is there a utility that will do this or a
> simple file format that I could format my data?
If you were to put, at the beginning of the file, a header consisting
of:
a 32-bit integer, in *host* byte order (little-endian, if you're
on NT), wiht the value hex a1b2c3d4;
a 16-bit integer, in host byte order, with the value 2;
a 16-bit integer, in host byte order, with the value 4;
a 32-bit integer with the value 0;
another 32-bit integer with the value 0;
a 32-bit integer, in host byte order, with a value greater than
or equal to the largest packet in the file (65535 should do);
a 32-bit value, in host byte order, that is one of:
1 Ethernet
6 Token Ring
10 FDDI
105 802.11
or various other values, depending on the link-layer header on
all of the packets (they all have to have the same link-layer
type);
and, right after that header, put your raw packet data, with each packet
preceded by a per-packet header consisting of:
a 32-bit integer, in host byte order, representing the time, in
seconds since January 1, 1970, 00:00:00 GMT, when the packet was
captured;
a 32-bit integer, in host byte order, representing the
microseconds since that second when the packet was captured;
a 32-bit integer, in host byte order, representing the number of
bytes of captured data in the packet;
a 32-bit integer, in host byte order, representing the number of
bytes of data in the packet (the second number would be greater
than the first if only the first N bytes of the packet were
captured);
you will have a file that not only Ethereal, but tcpdump/WinDump and
various other programs, will be able to read.
What type of network interface is this?
