Wireshark-dev: Re: [Wireshark-dev] ATM Dissector - atm-pdus-untruncated support for libpcap fil
João Pedro Fonseca wrote:

> I'm working on a project that uses an Endace card to capture ATM
> traffic. These captures are in ERF format (Endace's proprietary format),
> and Wireshark can read them perfectly.
> However, I'm also using mergecap, editcap and tshark to post-process the
> files, and they convert them to libpcap format,

Only if you don't tell them to write out a different format.
Unfortunately, we don't *currently* have support for writing ERF format
in wiretap/erf.c; however, if that were added, Wireshark, TShark,
mergecap, and editcap would be able to write ERF files.

> using the atm-pdus encapsulation type.
> This encapsulation type states that the AAL5 trailers are not included
> in the captured data, but the conversion process leaves the trailer in
> anyway. This is probably because there is no libpcap equivalent of the
> atm-pdus-untruncated encapsulation type, and a best effort conversion is
> made.

That's a bit surprising - the libpcap support in Wiretap should reject
attempts to write out atm-pdus-untruncated captures; it shouldn't write
it out in SunATM format.

Do you have a capture file you could send us?