Wireshark mailing list archives

Re: where is WTAP_ENCAP type 80 (K12) in Import menu/or why is it not there?


From: Guy Harris <guy () alum mit edu>
Date: Mon, 4 Mar 2013 13:58:53 -0800


On Mar 4, 2013, at 1:02 PM, Ariel Burbaickij <ariel.burbaickij () gmail com> wrote:

What's the underlying link-layer type for the packets in your rf5 file?

good bad ol' E.1/MTP2 (I am almost tempted to add "of course" here)

And can tcpreplay replay MTP2 files?  Are there any links to which it can write?
 
Let the user read a text file containing raw packet data in hex-dump form without requiring them to go to the 
command line and run text2pcap.

Uhm, maybe I am slow-witted here, but we have SS7 MTP2, MTP3, SCCP there, so as NOT text-based protocols as one can 
imagine, or do I miss something?

Yes, you're missing something.

"Text file containing raw packet data in hex-dump form" doesn't mean "text file containing text from a text-based 
protocol", it means "text file containing text such as

0000: FF FF FF FF FF FF 00 01 02 03 04 05 08 00 45 00

        ..."

It interprets that text as an (optional?) offset and a bunch of hex representations of byte values, and converts the 
hex representations of byte values to binary byte values and interprets those binary byte values as packets with the 
link-layer encapsulation type specified by the user (so that, if the link-layer encapsulation type were specified as 
Ethernet - which is *another* one of the values supported, and which is *also* not a text-based protocol - that packet 
would look like an IPv4 broadcast packet from MAC address 00:01:02:03:04:05).

Then again, if SS7 MTP2 is supported, can we just "strip" somehow K-12's overhead here and run text2pcap on whatever 
remains there?

If you have a *text* file - i.e., *NOT* an rf5 file, which is a *binary* file - then you could probably edit it into 
some form that could be run through either

        1) text2pcap

or

        2) the File -> Import code

and produce a file with a LINKTYPE_MTP2 encapsulation.
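
The conversion described in this message, as an added example that is not part of the original post and is not text2pcap's or Wireshark's own code: a simplified parser turns offset-plus-hex lines into binary packets and writes them to a pcap whose link-layer type is whatever the caller passes. The function names and the continuation lines in the sample are constructed for illustration; the first sample line is the one quoted in the message.

```python
import re
import struct

LINKTYPE_ETHERNET = 1   # link-layer header type values from the
LINKTYPE_MTP2 = 140     # tcpdump.org LINKTYPE_ registry

# Simplified rule: an offset is 3+ hex digits (optional colon), a byte is exactly 2.
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{3,}):?((?:\s+[0-9A-Fa-f]{2}\b)*)")

# Constructed sample: line 1 is from the message, the rest is made up.
SAMPLE = """\
0000: FF FF FF FF FF FF 00 01 02 03 04 05 08 00 45 00
0010: 00 1c
        ...
0000: 01 02 03
"""

def parse_hexdump(text):
    """Return a list of packets (bytes); offset 0 starts a new packet."""
    packets, current = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a dump line: ignore it
        offset = int(m.group(1), 16)
        data = bytes.fromhex("".join(m.group(2).split()))
        if offset == 0:
            if current:
                packets.append(bytes(current))
            current = bytearray()
        elif current is None or offset != len(current):
            raise ValueError(f"offset {offset:#x} does not match bytes read so far")
        current += data
    if current:
        packets.append(bytes(current))
    return packets

def build_pcap(packets, linktype, snaplen=262144):
    """Serialize packets as a classic little-endian pcap byte string."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, pkt in enumerate(packets):
        # Constructed timestamps, one second apart: the dump carries none.
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    with open("sample.pcap", "wb") as fh:
        fh.write(build_pcap(parse_hexdump(SAMPLE), LINKTYPE_ETHERNET))
```

The bytes are identical whichever link type is written; only the value in the file header tells a dissector whether to read them as Ethernet or as MTP2.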