Christopher Maynard wrote:
>Alex Lindberg <alindber@...> writes:
>
>> Has anyone created a utility to convert the output of tshark -V to pcap files?
>
>I think text2pcap is the logical utility to do this. Unfortunately, it doesn't
>work if the summary information is present, but if you can strip out that stuff,
>then it should work. There is a bug open for enhancing text2pcap to deal with
>the summary information: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1636

I've done something similar with a different kind of text-based dump. In that, I wrote a Python script to perform a minimal transformation to the input file to make it palatable to text2pcap and then converted the timestamps and added fake TCP (and underlying) headers like so:

"C:\python26\python.exe" mydump2pcap.py %1 |"C:\Program Files\Wireshark"\text2pcap -t "%%Y-%%m-%%dT%%H:%%M:%%S." -T 2222,40000 - %1.pcap

That's the Windows batch file version. The bash script has a little cleaner syntax, but it's essentially the same thing.

Ed
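
Added example, not part of the original thread and not Ed's script: a minimal Python filter of the kind discussed above, which strips the summary and detail text from a tshark dump so that only hex-dump rows reach text2pcap. It assumes the dump was produced with `tshark -V -x` (plain `-V` output contains no packet bytes) and that each packet has a single hex dump; the function names and the sample text are constructed for illustration.

```python
import re
import sys

# One hex-dump row: offset at column 0, 1-16 single-spaced byte pairs,
# then (optionally) two or more spaces and the ASCII column.
HEX_ROW = re.compile(
    r"^([0-9a-fA-F]{4,})\s+((?:[0-9a-fA-F]{2} ){0,15}[0-9a-fA-F]{2})(?:\s{2,}.*)?$")

def hex_rows(lines):
    """Yield (offset, data) for rows that form a contiguous hex dump."""
    expected = None                      # next offset in the current packet
    for line in lines:
        m = HEX_ROW.match(line.rstrip("\r\n"))
        if not m:
            continue                     # summary/detail text: drop it
        offset, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if offset == 0:
            expected = 0                 # offset 0 starts a new packet
        if offset != expected:
            expected = None              # hex-looking text, not a dump row
            continue
        expected = offset + len(data)
        yield offset, data

def to_text2pcap(lines):
    """Return rows in the 'offset byte byte ...' form text2pcap reads."""
    return ["%06x %s" % (off, " ".join("%02x" % b for b in data))
            for off, data in hex_rows(lines)]

# Constructed sample resembling `tshark -V -x` output (not a real capture).
SAMPLE = """\
Frame 1: 20 bytes on wire (160 bits), 20 bytes captured (160 bits)
Ethernet II, Src: 00:11:02:33:44:55, Dst: 66:77:88:99:aa:bb
    0100 .... = Version: 4

0000  66 77 88 99 aa bb 00 11 02 33 44 55 08 00 45 00   fw.......3DU..E.
0010  00 14 00 01                                       ....

Frame 2: 4 bytes on wire (32 bits), 4 bytes captured (32 bits)

0000  de ad be ef                                       ....
"""

if __name__ == "__main__":
    # Filter stdin to stdout so the result can be piped into text2pcap.
    print("\n".join(to_text2pcap(sys.stdin)))
```

Saved under a hypothetical name such as strip_tshark.py, its output can be piped to `text2pcap - out.pcap` in the same way as the batch file above.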