|
Ariel Burbaickij skrev 2013-03-04
22:02:
>What's the underlying link-layer type for the packets in
your rf5 file?
good bad ol' E.1/MTP2 (I am almost tempter to add "of course"
here)
>Let the user read a text file containing raw packet data
in hex-dump form without requiring them to go to the command
line and run >text2pcap.
Uhm, maybe I am slow wit here but we have SS7 MTP2, MTP3, SCCP
there so as NOT text-based protocols as one can imagine or do I
miss something? Then again, if SS7 MTP2 is supported can we just
"strip" somehow K-12's overhead here and run text2pcap on
whatever reamins there?
/wbr
Ariel Burbaickij
You should be able to use "file open" on a .rf5 file no need to do
file import which is used differently as explained earlier.
Regards
Anders
On Mon, Mar 4, 2013 at 8:40 PM, Guy
Harris <guy@xxxxxxxxxxxx>
wrote:
On Mar 4, 2013, at 10:46 AM, Ariel Burbaickij < ariel.burbaickij@xxxxxxxxx>
wrote:
> Thank you for fast response, Guy.
>
>> not all link-layer header types that Wireshark can
handle have corresponding pcap/pcap-ng link-layer header
types - in particular, neither Tektronix rf5 nor HP nettl
X.25 do
>
> So, is it something like work in progress and
pcap/pcap-ng headers are going to be added or is it frozen
for now?
The list of link-layer header types is not frozen, but there
is not, and probably never will be, an official tcpdump.org project or Wireshark to add
particular link-layer header types; new types are added when
somebody sends a request for a type to tcpdump-workers@xxxxxxxxxxxxxxxxx
and the request is accepted.
The current list, and instructions on how to add values, are
at
http://www.tcpdump.org/linktypes.html
>> So why isn't that good enough?
>
> Because we would like to replay (using tcpreplay) files
in pcap format, among other things.
Adding a new link-layer header type won't be sufficient;
you'll also have to write a DLT plugin for the new type:
http://tcpreplay.synfin.net/wiki/tcpeditDeveloper
What's the underlying link-layer type for the packets in your
rf5 file?
What might be called for here is an *export* option to strip
off metadata that's neither needed nor wanted by particular
programs, converting encapsulations with no corresponding
pcap/pcap-ng link-layer header type to one of those link-layer
header types.
>> "Open packet hex dump text file",
>
> Let us try to work backwards here -- what is it
actually supposed to do?
Let the user read a text file containing raw packet data in
hex-dump form without requiring them to go to the command line
and run text2pcap.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
|
