Re: Nettl HP-UX

[Guy Harris <guy () alum mit edu>]

On Jun 14, 2011, at 5:51 PM, Andrej van der Zee wrote:

> I am going to try to convert it to pcap-ng with libpcap 1.1.1

Presumably you mean "try to convert it to pcap-ng and read it using libpcap 1.1.1"; libpcap currently cannot read nettl 
files, and can only write pcap files, not pcap-ng files, so you can't convert it using a libpcap-based tool.

(It might well be possible to add support to libpcap to read nettl files; 1.1.0 and later can read more than one file 
type, namely pcap and pcap-ng, and the infrastructure for that was set up so that support for other file types could be 
added.)

> and assume for now that only one link-layer type is used in the captures i need to process. What tool would you 
> recommend for the conversion?

I'd try editcap, telling it to write a pcap-ng file.

> If i understand correctly, a tool like editcap *could* produce one pcap-file for each link-layer type found in the 
> nettl capture, provided the type is supported.

editcap could perhaps be changed to, when reading a capture file in a format that can have multiple link-layer types 
and writing in file format that doesn't support multiple link-layer types, write out multiple files, one file per 
link-layer type.  It doesn't *currently* do so, however.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe