Wireshark mailing list archives

Re: where is WTAP_ENCAP type 80 (K12) in Import menue/or why is it not there?


From: Anders Broman <a.broman () bredband net>
Date: Mon, 04 Mar 2013 22:48:01 +0100

Ariel Burbaickij wrote on 2013-03-04 22:02:
> What's the underlying link-layer type for the packets in your rf5 file?

good bad ol' E.1/MTP2 (I am almost tempted to add "of course" here)

> Let the user read a text file containing raw packet data in hex-dump form without requiring them to go to the command line and run text2pcap.

Uhm, maybe I am slow-witted here, but we have SS7 MTP2, MTP3, SCCP there, so as NOT text-based protocols as one can imagine, or do I miss something? Then again, if SS7 MTP2 is supported, can we just "strip" somehow K-12's overhead here and run text2pcap on whatever remains there?

/wbr
Ariel Burbaickij

You should be able to use "file open" on a .rf5 file; no need to do file import, which is used differently, as explained earlier.
Regards
Anders

On Mon, Mar 4, 2013 at 8:40 PM, Guy Harris <guy () alum mit edu> wrote:


    On Mar 4, 2013, at 10:46 AM, Ariel Burbaickij
    <ariel.burbaickij () gmail com> wrote:

    > Thank you for fast response, Guy.
    >
    >> not all link-layer header types that Wireshark can handle have
    >> corresponding pcap/pcap-ng link-layer header types - in
    >> particular, neither Tektronix rf5 nor HP nettl X.25 do
    >
    > So, is it something like work in progress and pcap/pcap-ng
    > headers are going to be added or is it frozen for now?

    Neither.

    The list of link-layer header types is not frozen, but there is
    not, and probably never will be, an official tcpdump.org
    project or Wireshark to add particular
    link-layer header types; new types are added when somebody sends a
    request for a type to tcpdump-workers () lists tcpdump org and the
    request is accepted.

    The current list, and instructions on how to add values, are at

    http://www.tcpdump.org/linktypes.html

    >> So why isn't that good enough?
    >
    > Because we would like to replay (using tcpreplay) files in pcap
    > format, among other things.

    Adding a new link-layer header type won't be sufficient; you'll
    also have to write a DLT plugin for the new type:

    http://tcpreplay.synfin.net/wiki/tcpeditDeveloper

    What's the underlying link-layer type for the packets in your rf5
    file?

    What might be called for here is an *export* option to strip off
    metadata that's neither needed nor wanted by particular programs,
    converting encapsulations with no corresponding pcap/pcap-ng
    link-layer header type to one of those link-layer header types.

    >> "Open packet hex dump text file",
    >
    > Let us try to work backwards here -- what is it actually
    > supposed to do?

    Let the user read a text file containing raw packet data in
    hex-dump form without requiring them to go to the command line and
    run text2pcap.
    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
    Archives:    http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                 mailto:wireshark-users-request () wireshark org?subject=unsubscribe




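The conversion target discussed in the thread, an encapsulation that does have a pcap link-layer header type, as an added example that is not part of the original messages or of Wireshark or tcpreplay: it wraps bare MTP2 frames in a classic pcap file tagged LINKTYPE_MTP2 (140 in the tcpdump.org list) and re-parses the result with length checks. It assumes the K12 metadata has already been stripped by some other means; `write_pcap`, `read_pcap` and the sample bytes are hypothetical and constructed for illustration.

```python
import struct

LINKTYPE_MTP2 = 140          # SS7 MTP2, from the tcpdump.org link-layer header types list
PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
GLOBAL_HDR = "<IHHiIII"      # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "<IIII"         # ts_sec, ts_usec, captured length, original length

# Constructed placeholder frames (seconds, microseconds, bytes); not a real capture.
SAMPLE_FRAMES = [
    (1362433681, 0, bytes.fromhex("ffff00")),
    (1362433681, 250000, bytes.fromhex("8081031122334455")),
]

def write_pcap(frames, linktype=LINKTYPE_MTP2, snaplen=65535):
    """Return pcap file bytes for frames that carry no vendor metadata."""
    out = bytearray(struct.pack(GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, data in frames:
        if not 0 <= usec < 1_000_000:
            raise ValueError("microseconds out of range")
        captured = data[:snaplen]   # honour snaplen; keep the original length in the header
        out += struct.pack(RECORD_HDR, sec, usec, len(captured), len(data))
        out += captured
    return bytes(out)

def read_pcap(blob):
    """Parse pcap bytes back into (linktype, frames), rejecting inconsistent lengths."""
    hdr_len = struct.calcsize(GLOBAL_HDR)
    if len(blob) < hdr_len:
        raise ValueError("truncated global header")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from(GLOBAL_HDR, blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    frames, off, rec_len = [], hdr_len, struct.calcsize(RECORD_HDR)
    while off < len(blob):
        if off + rec_len > len(blob):
            raise ValueError("truncated record header")
        sec, usec, caplen, _origlen = struct.unpack_from(RECORD_HDR, blob, off)
        off += rec_len
        # A caplen larger than snaplen or the remaining data marks a corrupt file.
        if caplen > snaplen or off + caplen > len(blob):
            raise ValueError("record length exceeds snaplen or file size")
        frames.append((sec, usec, blob[off:off + caplen]))
        off += caplen
    return linktype, frames

if __name__ == "__main__":
    with open("mtp2_sample.pcap", "wb") as fh:
        fh.write(write_pcap(SAMPLE_FRAMES))
```
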
