Re: Nettl HP-UX

[Guy Harris <guy () alum mit edu>]

On Jun 17, 2011, at 9:03 PM, Andrej van der Zee wrote:

> > > What tool would you recommend for the conversion?
> >
> > I'd try editcap, telling it to write a pcap-ng file.
>
> Unfortunately it gives me the same error:
>
> andrej@amd64:/usr/local/src/wireshark-1.6.0$
> /usr/local/src/wireshark-1.6.0/editcap  /tmp/test.nettl -F  pcapng
> /tmp/test.pcap
> editcap: Error writing to /tmp/test.pcap: Files from that network type
> can't be saved in that format

OK, the problem is that, for many nettl packets types, the encapsulation includes nettl metadata, and that can't be 
written to a pcap file.

Fixing that would probably require changing the wiretap library to, instead of having a single link-layer type for 
files/packets, having the type be (at least) an ordered pair, with metadata type and link-layer type being separated, 
and allowing files of type {metadata type XXX, link-layer type YYY} to be written out in file formats that support only 
{no metadata, link-layer type YYY}.

The short-term workaround would be to modify editcap to map some of the WTAP_ENCAP_NETTL_ encapsulations to equivalent 
encapsulations supported by pcap/pcap-ng, and to discard the nettl pseudo-header information.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe