Wireshark mailing list archives

Re: Utility to convert -V text files to pcap??


From: Ed Beroset <beroset () mindspring com>
Date: Wed, 26 Jan 2011 15:12:08 -0500 (GMT-05:00)

Christopher Maynard wrote:
> Alex Lindberg <alindber@...> writes:
>
>> Has anyone created a utility to convert the output of tshark -V to pcap files?
>
> I think text2pcap is the logical utility to do this.  Unfortunately, it doesn't
> work if the summary information is present, but if you can strip out that stuff,
> then it should work.  There is a bug open for enhancing text2pcap to deal with
> the summary information: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1636

I've done something similar with a different kind of text-based dump.  In that, I wrote a Python script to perform a minimal transformation to the input file to make it palatable to text2pcap and then converted the timestamps and added fake TCP (and underlying) headers like so:

"C:\python26\python.exe" mydump2pcap.py %1 |"C:\Program Files\Wireshark"\text2pcap -t "%%Y-%%m-%%dT%%H:%%M:%%S." -T 2222,40000 - %1.pcap

That's the Windows batch file version.  The bash script is a little cleaner syntax, but essentially the same thing.

Ed
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
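
A filter of the kind discussed in this thread, as an added example that is not Ed's script or Wireshark project code: it drops summary and protocol-tree lines and keeps only the hex dump rows, discarding the ASCII column. It assumes the text was produced with hex dumps included (for example `tshark -V -x`); the sample input and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample in the style of `tshark -V -x` output (not a real capture).
SAMPLE = """\
  1   0.000000 192.0.2.1 -> 192.0.2.2 UDP 60 Source port: 2222
Frame 1: 18 bytes on wire (144 bits), 18 bytes captured (144 bits)
    0100 .... = Version: 4

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  de ad                                             ..

Frame 2: 5 bytes on wire (40 bits), 5 bytes captured (40 bits)

0000  61 62 20 63 64                                    ab cd
"""

# Hex dump row: offset at column 0, two spaces, 1-16 single-spaced bytes,
# then an optional ASCII column set off by two or more spaces (discarded).
HEX_ROW = re.compile(
    r"^([0-9a-fA-F]{4,8}) {2}((?:[0-9a-fA-F]{2} ){0,15}[0-9a-fA-F]{2})(?:\s{2,}.*|\s*)$")

def extract_packets(lines):
    """Return one bytes object per hex dump found; every other line is dropped."""
    packets, current = [], None
    for line in lines:
        m = HEX_ROW.match(line.rstrip("\r\n"))
        if not m:
            continue  # summary, protocol-tree or blank line
        offset, row = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if offset == 0:  # offset 0 starts a new packet
            if current:
                packets.append(bytes(current))
            current = bytearray(row)
        elif current is not None and offset == len(current):
            current += row  # accept only rows that continue the dump
    if current:
        packets.append(bytes(current))
    return packets

def to_text2pcap(packets):
    """Render packets as offset + hex rows, the input form text2pcap reads."""
    out = []
    for pkt in packets:
        for off in range(0, len(pkt), 16):
            out.append("%06x %s" % (off, " ".join("%02x" % b for b in pkt[off:off + 16])))
        out.append("")  # blank line between packets
    return "\n".join(out)

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    sys.stdout.write(to_text2pcap(extract_packets(src)))
```

The output can be piped into `text2pcap - out.pcap` in the same way as the pipeline in the post; this example does not carry capture timestamps over.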