Re: Tcpdump: ASCII -> binary trace conversion, any tools?

[Stanislav Rost <stanrost () lcs mit edu>]

Dear Martin,

Thank you very much for your kind reply.  The difficulty in my case is
that I only have access to TCPDUMP's ASCII output, the "playback" of a
pcap trace, of the following form:

...
1068290793.846948 X.X.X.X.Y > X.X.X.X.Y: udp 116 (DF) (ttl 46, id 0, len
144)
1068290793.851850 X.X.X.X.Y > X.X.X.X.Y: P [tcp sum ok]
723881836:723881848(12) ack 2144666878 win 57848 <nop,nop,timestamp
2895874309 1272161798> (DF) (ttl 42, id 42545, len 64)
...

which I must convert back into the original, binary libpcap trace.  It
is admittedly a bit different from converting a hex pcap dump.

Would you happen to know of any tools that could help me?

Please CC: me in the reply as I am on the tcpdump-nomail list...

Thanks,

Stan

On Mon, 2003-11-17 at 12:13, Martin Regner wrote:
> Please note that Ethereal can handle a lot of different capture file
> formats, so if you need to transfer from
> one format to another there could be support for that
>
> What program have you done the capturing with?
>
> http://www.ethereal.com/introduction.html#features
>
> Ethereal can read capture files from tcpdump (libpcap), NAI's SnifferT
> (compressed and uncompressed), SnifferT Pro, NetXrayT, Sun snoop and
> atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network
> Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl,
> i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log
> (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek,
> or Visual Networks' Visual UpTime. It can also read traces made from
> Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text
> output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS.
> Any of these files can be compressed with gzip and Ethereal will decompress
> them on the fly.
>
> Therea are also some perl scripts and similar available to convert from
> other formats.
>
>
> ----- Original Message -----
> From: "Martin Regner" <martin.regner () chello se>
> To: "Stanislav Rost" <stanrost () lcs mit edu>
> Sent: Monday, November 17, 2003 6:06 PM
> Subject: Re: [tcpdump-workers] Tcpdump: ASCII -> binary trace conversion,
> any tools?
>
>
> > If you have hex output of the packet contents in the ASCII file then you
> > could use the text2pcap
> > program included in Ethereal distribution to create a tcpdump/libpcap
> file.
> > 0000  ff ff ff ff ff ff 00 07 0d b3 e4 0a 08 06 00 01   ................
> > 0010  08 00 06 04 00 01 00 07 0d b3 e4 0a d5 59 8c 01   .............Y..
> > 0020  00 00 00 00 00 00 d5 59 8f 82 00 00 00 00 00 00   .......Y........
> > 0030  00 00 00 00 00 00 00 00 00 00 00 00               ............
> >
> >
> > 0000  ff ff ff ff ff ff 00 07 0d b3 e4 0a 08 06 00 01   ................
> > 0010  08 00 06 04 00 01 00 07 0d b3 e4 0a d5 59 8c 01   .............Y..
> > 0020  00 00 00 00 00 00 d5 59 8f 84 00 00 00 00 00 00   .......Y........
> > 0030  00 00 00 00 00 00 00 00 00 00 00 00               ............
> >
> >
> > 0000  ff ff ff ff ff ff 00 07 0d b3 e4 0a 08 06 00 01   ................
> > 0010  08 00 06 04 00 01 00 07 0d b3 e4 0a d5 59 8c 01   .............Y..
> > 0020  00 00 00 00 00 00 d5 59 8f 86 00 00 00 00 00 00   .......Y........
> > 0030  00 00 00 00 00 00 00 00 00 00 00 00               ............
> >
> >
> > ----- Original Message -----
> > From: "Stanislav Rost" <stanrost () lcs mit edu>
> > To: <tcpdump-workers () tcpdump org>
> > Sent: Monday, November 17, 2003 5:51 PM
> > Subject: [tcpdump-workers] Tcpdump: ASCII -> binary trace conversion, any
> > tools?
> >
> >
> > > Hi,
> > >
> > > I was just wondering if you were aware of any tools that could convert
> > > from the ASCII output of tcpdump into the original binary form.  I have
> > > a set of unique traces which are unfortunately in the wrong format for
> > > our tools to read them, and must process them rather urgently.
> > >
> > > Please Cc: me in the reply as I am on tcpdump-nomail...
> > >
> > > Much obliged,
> > >
> > > Stan Rost
> > >
> > >
> > > -
> > > This is the TCPDUMP workers list. It is archived at
> > > http://www.tcpdump.org/lists/workers/index.html
> > > To unsubscribe use
> > mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
> > >
-- 
Stanislav Rost <stanrost () lcs mit edu>
Laboratory for Computer Science, MIT

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe