Ethereal-users: Re: [Ethereal-users] parsing .enc formatted capture files in Perl
On Tue, Jul 25, 2006 at 05:39:56AM +0200, Joerg Mayer wrote:
> On Mon, Jul 24, 2006 at 09:21:06AM -0400, Michael Schenck wrote:
> > I help code and maintain an automated test environment and we are
> > currently attempting to add the capability to parse capture files
> > automatically as well. Our traffic generation and analysis is
> > accomplished with Ixia hardware. The only standard binary capture output
> > supported is the .enc format.
> >
> > Currently we have to manually parse these captures using ethereal as this
> > format is not supported by pcap, thus not supported by the Net::Pcap perl
> > module.
> >
> > Since ethereal does support this format, I'm hoping that someone might be
> > able to provide me with some insight to this issue.
>
> Well, you should be able to use editcap to convert the fileformat to
> pcap. As editcap is a commandline tool, you should be able to script it.
> If you want to implement a proper decoder for that format in perl, the
> sources can be found in the ethereal sources in the wiretap directory.
sigh - it's too late/early. a) don't use ethereal any more, please use
wireshark (www.wireshark.org) and b) such questions should be directed
to the wireshark-users mailinglist of course ;-)
ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users