Wireshark-dev: Re: [Wireshark-dev] File:Import?
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Wed, 30 May 2007 23:19:02 +0200
On 5/30/07, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
On Tue, May 29, 2007 at 12:26:19PM -0400, Maynard, Chris wrote:

> Today someone sent me a text file of a Wireshark packet capture
> session that was created using Wireshark's File:Export facility.
> Unfortunately, he did not keep the original capture file.  I know
> there's currently no "File:Import" capability in Wireshark, but I was
> wondering if anyone has considered adding it.

Try using the text2pcap utility that comes with Wireshark.  It may be
able to convert your exported text file back into a pcap file that
Wireshark/tshark can read.

> I realize that if "File:Import" is to work that the exported file
> would have to include "all packet bytes", but assuming that's the
> case, I would think that it would be possible to Import it, at least
> for some of the supported Export types, if not all of them?  Is this
> feature worthy of the "Wish List"?  Would anyone object if I add it?
> Or has someone already added it and I just need to wait for 0.99.6?
> :-)

An experimental tool to easily implement this kind of parsers is on
its way... The issue here is guessing the encapsulation.

BTW, hacking wiretap/k12text.l to have reading "File Export..." or
tshark output should be an easy job (encapsulation apart).

It does sound like a good idea to implement a File->Import feature, even
if it just calls text2pcap.  Sorry, it's not already in 0.99.6 developer
versions.  Go ahead and open a bug report and mark it as an enhancement
request at http://bugs.wireshark.org (I don't know about others, but I
look at the bug reports more often than the wish list).

I do not remember the last time I checked the wishlist... A while ago.
But I remember it was a collection of proposals either off the scope
of a protocol analyzer, utopia or with a very narrow user base.

Enhancements in the bug list are better IMHO...

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan