Ethereal-users: Re: [Ethereal-users] parsing .enc formatted capture files in Perl

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Tue, 25 Jul 2006 05:39:56 +0200
On Mon, Jul 24, 2006 at 09:21:06AM -0400, Michael Schenck wrote:
> I help code and maintain an automated test environment and we are 
> currently attempting to add the capability to parse capture files 
> automatically as well.  Our traffic generation and analysis is 
> accomplished with Ixia hardware.  The only standard binary capture output 
> supported is the .enc format. 
> 
> Currently we have to manually parse these captures using ethereal as this 
> format is not supported by pcap, thus not supported by the Net::Pcap perl 
> module. 
> 
> Since ethereal does support this format, I'm hoping that someone might be 
> able to provide me with some insight to this issue. 

Well, you should be able to use editcap to convert the fileformat to
pcap. As editcap is a commandline tool, you should be able to script it.
If you want to implement a proper decoder for that format in perl, the
sources can be found in the ethereal sources in the wiretap directory.

 ciao
    Joerg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users