Wireshark-users: Re: [Wireshark-users] where is WTAP_ENCAP type 80 (K12) in Import menue/or why i
From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Mon, 4 Mar 2013 19:46:16 +0100
Thank you for fast response, Guy.
>not all link-layer header types that Wireshark can handle have corresponding pcap/pcap-ng link-layer header >types - in particular, neither Tektronix rf5 nor HP nettl X.25 do
So, is it something like work in progress and pcap/pcap-ng headers are going to be added or is it frozen for now?
 
>So why isn't that good enough?
Because we would like to replay (using tcpreplay) files in pcap format, among other things.
 
>"Open packet hex dump text file",
 
Let us try to work backwards here -- what is it actually supposed to do?
 
/wbr
Ariel Burbaickij
 

 
On Mon, Mar 4, 2013 at 7:38 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Mar 4, 2013, at 10:03 AM, Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx> wrote:

> I am using Wireshark 1.8.5 and I attempt to import rf5 (Tektronix file) but I do not see it in Import menue as a selection option == I see GCOM Serial (78) and Juniper MLPP (81)  -- numbers in parenthesis are the ones from wtap.h, of course. Now, I do not see NETTTL_X25 (79) and in particular K12 (80) -- is it something done on purpose?

Yes.

> If yes, why so?

Because:

        "Import" really means "read a text file in the same way that text2pcap does";

        what text2pcap does is convert a text file containing packet data to a pcap file;

        that conversion requires that the user specify a link-layer header type for the raw hex data being read;

        not all link-layer header types that Wireshark can handle have corresponding pcap/pcap-ng link-layer header types - in particular, neither Tektronix rf5 nor HP nettl X.25 do.

> If not, what can/should I do here? I am able to open rf5 files just fine.

So why isn't that good enough?  What were you expecting "Import" to do that "Open" didn't do?

It sounds as if the only problem here might be that "Import" isn't necessarily the right name for that menu item; perhaps "Open packet hex dump text file", or something such as that, would be better.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe