Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there?

[Ariel Burbaickij <ariel.burbaickij () gmail com>]

Thank you for fast response, Guy.
> not all link-layer header types that Wireshark can handle have
corresponding pcap/pcap-ng link-layer header >types - in particular,
neither Tektronix rf5 nor HP nettl X.25 do
So, is it something like work in progress and pcap/pcap-ng headers
are going to be added or is it frozen for now?

> So why isn't that good enough?
Because we would like to replay (using tcpreplay) files in pcap format,
among other things.

> "Open packet hex dump text file",

Let us try to work backwards here -- what is it actually supposed to do?

/wbr
Ariel Burbaickij



On Mon, Mar 4, 2013 at 7:38 PM, Guy Harris <guy () alum mit edu> wrote:

> On Mar 4, 2013, at 10:03 AM, Ariel Burbaickij <ariel.burbaickij () gmail com>
> wrote:
>
> > I am using Wireshark 1.8.5 and I attempt to import rf5 (Tektronix file)
> but I do not see it in Import menue as a selection option == I see GCOM
> Serial (78) and Juniper MLPP (81)  -- numbers in parenthesis are the ones
> from wtap.h, of course. Now, I do not see NETTTL_X25 (79) and in particular
> K12 (80) -- is it something done on purpose?
>
> Yes.
>
> > If yes, why so?
>
> Because:
>
>         "Import" really means "read a text file in the same way that
> text2pcap does";
>
>         what text2pcap does is convert a text file containing packet data
> to a pcap file;
>
>         that conversion requires that the user specify a link-layer header
> type for the raw hex data being read;
>
>         not all link-layer header types that Wireshark can handle have
> corresponding pcap/pcap-ng link-layer header types - in particular, neither
> Tektronix rf5 nor HP nettl X.25 do.
>
> > If not, what can/should I do here? I am able to open rf5 files just fine.
>
> So why isn't that good enough?  What were you expecting "Import" to do
> that "Open" didn't do?
>
> It sounds as if the only problem here might be that "Import" isn't
> necessarily the right name for that menu item; perhaps "Open packet hex
> dump text file", or something such as that, would be better.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe