ken williams wrote:
I tried some of the captures on the link that you suggested and they were
decoded once I had enabled the protocols.
OK, so the reason why it reported a WTAP_ENCAP value of 1 as UNKNOWN is 
that it *was* unknown - you'd presumably disabled the Ethernet protocol.
Now let me see if I have got this right.
text2pcap uses the library Wiretap in order to interpret the protocols
No.
text2pcap writes out a libpcap-format file, which means that the 
link-layer protocols it can handle are those supported by the libpcap 
file format.
The files are then read, in Ethereal (and Tethereal, and some of the 
utilities that come with Ethereal), by the Wiretap library.  That 
library can also read a number of non-libpcap capture file formats, and 
support can be added for additional capture file formats.
and that the gsm protocols are not in the library
There are two issues here:
	1) there is no libpcap link-layer protocol code for any GSM protocol
and
	2) there is no Wiretap encapsulation code for any GSM protocol.
and therefor it will not work.
I need to add gsm support to the library in order to use the text2pcap program.
At minimum, you need to add a Wiretap encapsulation code for whatever 
GSM protocol is at the link layer in your trace file.
However, that's not sufficient, if you're using text2pcap.  You would 
also need to request a new link-layer protocol code (called a DLT_ 
value, as the names begin with DLT_) from tcpdump.org by sending mail to 
tcpdump-workers@xxxxxxxxxxx, and, once you've gotten that (which should 
happen fairly quickly if you indicate what protocol it is, so that we 
can find the specification for the protocol), you would have to add to 
the Wiretap code for reading libpcap files (or, rather, to the table it 
uses for mapping DLT_ values to Wiretap encapsulation codes) a mapping 
from the new DLT_ value and the new Wiretap encapsulation code.
If, rather than using text2pcap, you added to Wiretap the ability to 
directly read the proprietary traces, you'd only need to have the code 
to read those traces return the new encapsulation code value for 
captures using that GSM protocol.
In either case, you would then have to have the dissector for that GSM 
protocol register itself in the "wtap_encap" dissector table with the 
new Wiretap encapsulation code (assuming such a dissector exists; if it 
doesn't, you'd have to write one and add it to Ethereal).
I assume then that text2pcap adds a protocol identifier in the pcap file.
As text2pcap writes libpcap files, and as libpcap files have, in the 
file header, a DLT_ value indicating the link-layer protocol for the 
packets in the file.
I am using a binary distro for windows at the moment but am attempting to build
ethereal on linux at home so that I can debug.
If you are going to do any of the stuff I mention above, you will *have* 
to be able to build Ethereal on whatever platforms you will be using it 
to read your mobile phone traces, as that stuff involves changing the 
source code and rebuilding Ethereal.
Note that if you don't contribute the changes back to us, you will have 
to maintain them yourself, and merge them into your private version of 
Ethereal whenever you pick up a new release of Ethereal.