Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: A question regarding text2pcap

From: Michael Tuexen <Michael.Tuexen () lurchi franken de>
Date: Tue, 25 Dec 2012 23:38:29 +0100
On Dec 23, 2012, at 9:42 PM, Jaap Keuter wrote:


Hi,

Well, from my days working on the File|Import function I can remember that this is the (proposed) option format. But 
if you want to define a per-packet parameter then an in-line tag should be fine. Think of a variant of the timestamp, 
now parametrized by -t <fmt>. So you could use something like -D (for direction) to allow 'ingress'/'inbound' and 
'egress'/'outbound' to indicate direction (P2P_DIR_*).

Hi Jaap,

using the preamble is a good idea. Thank you very much!
Implemented in r46744.

Best regards
Michael


Thanks,
Jaap

On 12/22/2012 10:04 PM, Michael Tuexen wrote:

Dear all,

after adding support for pcapng to textpcap and fixing the support of the
epb flags word for pcapng, I would like to add to text2pcap the capability
to indicate in the input file per packet, if the packet was sent or received.
text2pcap will than save this in the epb flags word when using pcapng.

My question is how to realize this. One possibility would be to use a directive
#TEXT2PCAP inbound
0000 01 02 03 ....
#TEXT2PCAP outbound
0000 01 03 03 ....

However, I would prefer a solution where the indication of inbound/outbound can
be on the same line as the packet.
(for some reason the producer of the file to be read by text2pcap normally provides
each packet on a single (long) line).

Any idea how to achieve this? Maybe using the directive at the beginning of the
line?

Any hints welcome!

Best regards
Michael



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
           mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: