Re: How to convert cap file with XCP header to libpcap compatible capture file

[锐 刘 <reallio () msn com>]

Hello,

Initially I think the incorrect parse is due to the cap file format, but after reading the code of wireshark, I got the 
reason.

The cap file is created by Tesgine (Huawei product), whose values of network and network_plus are 0x01 and 0x00 
respectively. So as a result, Wireshark will recognise it as a WTAP_ENCAP_TOKEN_RING capture, but actually, the packets 
in the capture file are all ethernet messages. 

I am not sure who comforms to the standard, Tesgine or Wireshark. But for a workaround, please change 0x01 to 0x00 at 
the offset of 0x2c in the cap file.

Ray

From: reallio () msn com
To: wireshark-users () wireshark org
Subject: How to convert cap file with XCP header to libpcap compatible capture file
Date: Tue, 6 Jul 2010 10:24:19 +0000








Hello there,

I got a cap file with XCP header which can not be parsed correctly in Wireshark (version 1.2.9). How can I convert cap 
file with XCP header to libpcap compatible capture
 file?

Thanks,
Ray

                                          
Hotmail: Trusted email with powerful SPAM protection. Sign up now.                                        
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe